The fake pdf attached to the "PURCHASE ORDER 05-30-2023" email contains a link, from which you download a tgz file with a TAR, inside which there is an exe: the malware.
Cybercrime, Remcos campaign via DBatLoader
Remcos campaign via DBatLoader. The rar attachment contains an exe: the loader, which contacts a url and downloads the final malware
Remcos is conveyed by the email with the subject “RE: Document Required – Al Ansari & Partners Trading Co/Supplier No : 400667322” via DBatLoader (alias ModiLoader and NatsoLoader).
The rar attachment contains an exe: the loader, which contacts a url and downloads the final malware. Remcos is a cybercrime Remote Access Trojan (RAT), mainly associated with courier-themed phishing campaigns and with a wide range of functions: such as closely monitoring user activities, recording audio and video content, capturing of credentials, stealing digital currency, downloading additional payloads, and exfiltrating confidential data by avoiding detection and sandboxes.
Malware C2 – DBatLoader and Remcos
Related Posts
