
Cybercrime, the “Hesap hareketleriniz” email carries Remcos

The “Hesap hareketleriniz” email delivers Remcos. A new zipped attachment contains an exe, which is the malware, while the text and C2s do not change from previous campaign waves.

The “Hesap hareketleriniz” email is the latest bait of the Garanti BBVA-themed Remcos campaign.

 

A new zipped attachment contains an exe, which is the malware, while the text and C2s are unchanged from previous campaign waves. Remcos is a cybercrime Remote Access Trojan (RAT), mainly associated with courier-themed phishing campaigns. It has a wide range of functions, such as closely monitoring user activities, recording audio and video content, capturing credentials, stealing digital currency, downloading additional payloads, and exfiltrating confidential data while avoiding detection and sandboxes.

Malware C2
