Remcos RAT

Remcos RAT

SentinelOne security experts have reported a new phishing attack targeting Eastern European companies and institutions, the goal is the distribution of Remcos RAT via DBatLoader, going around the User Account Control (UAC) of Windows.

Remcos RAT

The email attack appears to come from a trusted sender. Attached is a tar.lz file which should contain a financial document, but actually inside the archive there are DBatLoader executables, disguised as Microsoft Office, LibreOffice and PDF documents.

Going to run the loader, a second payload is taken from Microsoft OneDrive or Google Drive and the fake directory C:\Windows \System32 is created in which three files are copied: easinvoker.exe (which is the legitimate one), netutils.dll ( which is infected) and KDECO.bat (also infected).

The malware runs easinvoker.exe which loads netutils.dll (hijacking DLL) which runs KDECO.bat. Considering the fact that the files are located in a directory similar to the original, Windows does not show the User Account Control (UAC) warning and the batch script manages to install Remcos RAT and adds a registry key for the automatic start.

To avoid running into computer security problems of this type, it is always a good idea to install good antivirus software on your computer.

Leave a Reply

Your email address will not be published. Required fields are marked *

Web Developer

Dopo una pluriennale esperienza professionale in qualità di ‘web developer’ presso agenzie di comunicazione e aziende informatiche, ho deciso di intraprendere la sfida della libera professione. Da oltre 13 anni collaboro stabilmente con agenzie di comunicazioni e agenzie turistiche e freelance sia nel panorama nazionale e internazionale. Sviluppare software e creare applicazioni è una professione che richiede una grande passione, molta dedizione e massima precisione, oltre a tanta esperienza. Non basta essere programmatori. Non ci si improvvisa. Bisogna capire le esigenze del committente, conoscere i sistemi, i linguaggi, il mercato e, alla fine… programmare e rendere usabile un prodotto “virtuale”.


Related posts

Social Share


1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)