Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

This week, the SonicWall threat research team discovered a new update in the Remcos infection chain that enhances its stealth by patching AMSI scanning and ETW logging to evade detection. This loader was previously seen distributing Async RAT, but it has now extended its functionality to Remcos RAT and other malware families. From our analysis, it seems to be targeting European institutions.

OPENCTI LABELS :

powershell,rat,phishing,remcos,zip,vb script

