Cybercrime, RemcosRAT via bank remittance is back
Technical analysis by malware hunter JAMESWT
RemcosRAT via bank remittance is back. The two attached PDFs, taking advantage of an exploit for a CVE vulnerability, extract an XLS that contacts a URL and downloads the malware.
Remcos RAT is hiding inside a fake email about a bank remittance.
The two attached PDF files, exploiting the CVE-2017-11882 vulnerability, extract an XLS that contacts a URL and downloads the malware.
Remcos is a Remote Access Trojan (RAT) used in cybercrime, associated above all with courier-themed phishing campaigns. It has a wide range of features, such as closely monitoring user activity, recording audio and video, stealing credentials and digital currency, downloading additional payloads, and exfiltrating confidential data while evading detection and sandboxes.
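For mail-gateway or analyst triage of the delivery chain described above, the following added example (not code from the original analysis) flags PDFs that carry an embedded Office file and checks an extracted legacy spreadsheet for an Equation Editor object, the component affected by CVE-2017-11882. The function names, the sample bytes and the attachment name `remittance.xls` are constructed for illustration.

```python
import re
import uuid

# Equation Editor 3.0 COM class; CVE-2017-11882 is a flaw in this component.
EQUATION_CLSID = uuid.UUID("0002CE02-0000-0000-C000-000000000046").bytes_le
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
OFFICE_EXT = (".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".rtf")
AUTO_KEYS = {"OpenAction", "AA", "JavaScript", "JS", "Launch"}

# Constructed sample: a minimal PDF fragment with a hex-escaped name.
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R "
              b"/Names << /Embedded#46iles 2 0 R >> >>\nendobj\n"
              b"4 0 obj\n<< /Type /Filespec /F (remittance.xls) "
              b"/EF << /F 5 0 R >> >>\nendobj\n")


def _decode_name(raw: bytes) -> str:
    """PDF names may hide letters as #xx hex escapes (/Embedded#46ile)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def pdf_triage(data: bytes) -> dict:
    """Report embedded-file and auto-action markers found in raw PDF bytes."""
    names = {_decode_name(n) for n in re.findall(rb"/([A-Za-z0-9#]+)", data)}
    # File specification strings look like: /F (name.xls) or /UF (name.xls)
    files = [f.decode("latin-1")
             for f in re.findall(rb"/U?F\s*\(([^)]{1,255})\)", data)]
    return {
        "is_pdf": data.lstrip().startswith(b"%PDF-"),
        "has_embedded_file": bool(names & {"EmbeddedFile", "EmbeddedFiles"}),
        "auto_actions": sorted(names & AUTO_KEYS),
        "office_attachments": [f for f in files
                               if f.lower().endswith(OFFICE_EXT)],
    }


def has_equation_object(doc: bytes) -> bool:
    """True if an extracted OLE2 file references the Equation Editor."""
    if not doc.startswith(OLE_MAGIC):
        return False
    stream_name = "Equation Native".encode("utf-16-le")
    return EQUATION_CLSID in doc or stream_name in doc
```

This is a raw keyword scan: markers stored inside compressed object streams are not visible to it, so a clean result does not clear a file. `has_equation_object` applies only to the attachment after extraction, since embedded streams inside the PDF are normally compressed.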