Remcos arrives from Turkey via false bank statement. The email rar attachment contains an exe file: the malware

A fake email from a consulting company in Turkey on an account statement is the vector used to spread a new RemcosRAT campaign.

The compressed attachment in rar format contains an exe: the malware. Thew campaign is the same of the “inquiry” themed one from China, launched two days ago. Remcos is a cybercrime Remote Access Trojan (RAT), mainly associated with courier-themed phishing campaigns and with a wide range of functions: such as closely monitoring user activities, recording audio and video content, capturing of credentials, stealing digital currency, downloading additional payloads, and exfiltrating confidential data by avoiding detection and sandboxes.

Malware C2