
Cybercrime, RemcosRAT via bank remittance is back

Malware Hunter JAMESWT Technical Analysis

RemcosRAT via bank remittance is back. The two attached PDFs, exploiting a CVE vulnerability, extract an XLS that contacts a URL and downloads the malware.

Remcos RAT is hiding inside a fake email about a bank remittance.


The two attached PDF files, exploiting the CVE-2017-11882 vulnerability, extract an XLS that contacts a URL and downloads the malware.
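A defender-side triage check for the delivery vector described above (a PDF carrying an Office attachment), added here as an example and not part of JAMESWT's analysis. It scans uncompressed PDF objects for embedded files and auto-action keys; the PDF bytes below are constructed for the demo, not the campaign's files.

```python
import re
from typing import Dict, List

# Office attachment types a remittance-themed PDF has no business carrying.
SUSPICIOUS_EXT = (".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm", ".rtf")

# PDF name objects that let a document act on open without user interaction
# (the same keys pdfid-style triage tools count).
AUTO_ACTION_KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch")

# Constructed sample: a Filespec wrapping an embedded .xls plus an OpenAction.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> /OpenAction 5 0 R >> endobj
2 0 obj << /Names [(remittance.xls) 3 0 R] >> endobj
3 0 obj << /Type /Filespec /F (remittance.xls) /UF (remittance.xls) /EF << /F 4 0 R >> >> endobj
4 0 obj << /Type /EmbeddedFile /Subtype /application#2Fvnd.ms-excel /Length 4 >>
stream
d0cf
endstream
endobj
5 0 obj << /S /JavaScript /JS (app.alert\\(1\\)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

def _decode_name(raw: bytes) -> str:
    # PDF names/strings may encode bytes as #xx; undo that before matching.
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes.fromhex(m.group(1).decode()), raw).decode("latin-1")

def triage_pdf(data: bytes) -> Dict[str, object]:
    """Report embedded files and auto-action keys found in raw PDF bytes.
    Only uncompressed objects are visible; objects hidden in /ObjStm streams
    need a real parser that inflates them first."""
    embedded = len(re.findall(rb"/Type\s*/EmbeddedFile\b", data))
    # /F (name) or /UF (name) in a /Filespec dictionary carries the attachment name.
    names: List[str] = sorted({_decode_name(n) for n in re.findall(rb"/U?F\s*\(([^)]*)\)", data)})
    office = [n for n in names if n.lower().endswith(SUSPICIOUS_EXT)]
    auto = [k.decode() for k in AUTO_ACTION_KEYS if re.search(re.escape(k) + rb"\b", data)]
    if office:
        verdict = "suspicious"     # Office file embedded in a PDF: classic dropper layout
    elif embedded or auto:
        verdict = "review"         # attachments or auto-actions alone merit a closer look
    else:
        verdict = "clean"
    return {"embedded_files": embedded, "attachment_names": names,
            "office_attachments": office, "auto_actions": auto, "verdict": verdict}

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_PDF))
```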

Remcos is a cybercrime Remote Access Trojan (RAT), associated above all with courier-themed phishing campaigns, with a wide range of features: closely monitoring user activity, recording audio and video, stealing credentials and digital currency, downloading additional payloads, and exfiltrating confidential data while evading detection and sandboxes.
