New Fileless Remcos RAT Variant Found in Active Attacks

Title: New Fileless Remcos RAT Variant Discovered

Author: Pierluigi Paganini

Date: November 11, 2024

Summary

Researchers at Fortinet have discovered a new phishing campaign spreading a fileless variant of the Remcos RAT. The campaign targets victims through malicious Excel documents disguised as order files.

Details

  • Attack Method: Phishing emails with malicious Excel documents exploiting CVE-2017-0199.
  • Payload: Fileless Remcos RAT deployed through HTA files and PowerShell scripts.
  • Persistence: Auto-run registry entry added for the malicious code.
  • Capabilities: Data theft, remote control, malicious activity execution.
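
The chain listed above (HTA file, then PowerShell, then an auto-run registry entry) can be hunted for in endpoint telemetry. The following is an added example, not code from the article or from Fortinet: it correlates simplified Sysmon-style events whose field names and sample values are constructed here. The Run/RunOnce key pattern is an assumption, since the article does not name the registry location; mshta.exe is the default Windows host for HTA files.

```python
import ntpath
import re

# Assumption: the article only says "auto-run registry entry"; the common
# Run/RunOnce locations are checked here as a stand-in.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed, simplified Sysmon-style events (ID 1 = process create,
# ID 13 = registry value set). Not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS01", "id": 1, "pid": 4100, "ppid": 880, "image": r"C:\Windows\System32\mshta.exe"},
    {"host": "WS01", "id": 1, "pid": 4216, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "WS01", "id": 13, "pid": 4216,
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    # Benign control: PowerShell not descended from mshta.exe sets a Run value.
    {"host": "WS02", "id": 1, "pid": 700, "ppid": 650,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "WS02", "id": 13, "pid": 700,
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
]

def find_hta_chains(events):
    """Flag mshta.exe starting PowerShell, and auto-run writes by that lineage."""
    mshta, tainted, findings = set(), set(), []
    for ev in events:  # events are assumed to arrive in time order
        key = (ev["host"], ev["pid"])
        if ev["id"] == 1:
            name = ntpath.basename(ev["image"]).lower()
            parent = (ev["host"], ev["ppid"])
            if name == "mshta.exe":
                mshta.add(key)
            elif parent in tainted:
                tainted.add(key)  # any descendant of the flagged PowerShell
            elif parent in mshta and name in ("powershell.exe", "pwsh.exe"):
                tainted.add(key)
                findings.append((ev["host"], "hta_spawned_powershell", ev["image"]))
        elif ev["id"] == 13 and key in tainted and RUN_KEY.search(ev["target"]):
            findings.append((ev["host"], "autorun_set_by_hta_lineage", ev["target"]))
    return findings

if __name__ == "__main__":
    for finding in find_hta_chains(SAMPLE_EVENTS):
        print(finding)
```

Keying on the process lineage rather than on the registry write alone keeps the WS02 control event, a routine Run-key update, out of the results.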

Technical Analysis

  • Initial Infection: The malicious Excel document exploits CVE-2017-0199 to download and execute an HTA file.
  • HTA File Execution: The HTA file
