Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered
TLP:WHITE | AlienVault | Created: 2025-03-05 | Modified: 2025-03-05
7 IOCs | LOW VOLUME
This week the SonicWall threat research team identified an update to the Remcos infection chain that improves its stealth by patching AMSI scanning and ETW logging. Both patches are made in user mode, inside the process that runs the loader: with AMSI neutered, script content is never handed to the installed AV engine for scanning, and with ETW neutered, the provider events that EDR sensors subscribe to are never emitted. The loader was previously seen delivering AsyncRAT; it now also delivers Remcos RAT and other malware families. Based on SonicWall's analysis, the campaign appears to target European institutions.
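The check a defender wants after reading the paragraph above, added here as an example and not SonicWall's code or part of the pulse: read the first bytes of amsi.dll!AmsiScanBuffer and ntdll.dll!EtwEventWrite in the current PowerShell process and flag prologs that look overwritten. The page does not publish which bytes this loader writes, so the patterns matched below (ret; xor eax,eax + ret; mov eax,imm32 + ret; jmp trampoline) are the generic ones from public bypasses and are an assumption; the two export names are real Windows exports.

```powershell
# Added example, not code from the SonicWall write-up or the pulse.
# Reads the in-memory prologue of AmsiScanBuffer and EtwEventWrite in this
# process and reports patterns that public AMSI/ETW patches leave behind.
# The patch bytes this particular loader writes are not on the page; the
# patterns below are assumptions drawn from common bypasses.

$signature = @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr LoadLibrary(string lpFileName);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
'@
$Kernel32 = Add-Type -MemberDefinition $signature -Name 'NativeMethods' -Namespace 'Hunt' -PassThru

function Get-FunctionPrologue {
    param([string]$Module, [string]$Function, [int]$Length = 16)
    # LoadLibrary returns the existing handle when the DLL is already mapped,
    # so this never changes which copy of the function we inspect.
    $hModule = $Kernel32::LoadLibrary($Module)
    if ($hModule -eq [IntPtr]::Zero) { throw "LoadLibrary($Module) failed" }
    $address = $Kernel32::GetProcAddress($hModule, $Function)
    if ($address -eq [IntPtr]::Zero) { throw "GetProcAddress($Function) failed" }
    $bytes = New-Object byte[] $Length
    [System.Runtime.InteropServices.Marshal]::Copy($address, $bytes, 0, $Length)
    [PSCustomObject]@{ Function = "$Module!$Function"; Bytes = $bytes }
}

function Test-PatchedPrologue {
    param([byte[]]$Bytes)
    # Heuristics only (assumed patterns): an exported function whose first
    # instruction is RET, XOR EAX,EAX;RET, MOV EAX,imm32;RET or an
    # unconditional JMP has almost certainly been overwritten.
    if ($Bytes[0] -eq 0xC3) { return 'ret at entry' }
    if (($Bytes[0] -eq 0x31 -or $Bytes[0] -eq 0x33) -and $Bytes[1] -eq 0xC0 -and $Bytes[2] -eq 0xC3) {
        return 'xor eax,eax; ret'
    }
    if ($Bytes[0] -eq 0xB8 -and $Bytes[5] -eq 0xC3) { return 'mov eax,imm32; ret' }
    if ($Bytes[0] -eq 0xE9) { return 'jmp at entry (trampoline)' }
    return $null
}

$targets = @(
    [PSCustomObject]@{ Module = 'amsi.dll';  Function = 'AmsiScanBuffer' },
    [PSCustomObject]@{ Module = 'ntdll.dll'; Function = 'EtwEventWrite' }
)

foreach ($t in $targets) {
    $p = Get-FunctionPrologue -Module $t.Module -Function $t.Function
    $hex = ($p.Bytes | ForEach-Object { $_.ToString('X2') }) -join ' '
    $verdict = Test-PatchedPrologue -Bytes $p.Bytes
    if ($verdict) {
        Write-Warning ("{0} looks patched ({1}): {2}" -f $p.Function, $verdict, $hex)
    } else {
        Write-Output ("{0} prologue: {1}" -f $p.Function, $hex)
    }
}
```

Run it inside the PowerShell host you suspect, because these patches live only in the patching process's own memory; to inspect another process, read the same bytes with ReadProcessMemory and apply the same comparison. A clean prologue is not proof of safety: a loader that hooks deeper than the first sixteen bytes, or patches a different export, will not trip this heuristic. The durable signal is therefore not the bytes themselves but the write: a non-Microsoft module, or script-hosting process, changing page protections on amsi.dll or ntdll.dll text and writing into it.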
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES: (none listed in the pulse)
MALWARE FAMILIES: Remcos
Indicators of Compromise (7)
(no descriptions are given in the pulse)
TYPE            | INDICATOR                                                        | CREATED
URL             | https://0x0.st/8KuV.ps1                                          | 2025-03-05
FileHash-SHA256 | 55e5c8b8cba2ca2f152bf70dde2113f53f3dd42649cae535f55f0362b426e97c | 2025-03-05
FileHash-SHA256 | 349be2b4b8180ee12e858a7bf43fdaa9af5fccef0c47c1a1408e7ae7265f338f | 2025-03-05
FileHash-SHA256 | 9d59b5a0c4dd1b91d41ea6fc2fe70f7cd2ab08064834ce51d0751a2deadc1a9b | 2025-03-05
FileHash-SHA256 | 04fc833b59af93308029d3e87c85e327a1e480508bc78b6a4e46c0cbd65ea8dc | 2025-03-05
FileHash-SHA256 | ef523c286eea072a9afd853f1c09629eaad923d3283865182ff0f75899fb5aa0 | 2025-03-05
FileHash-SHA256 | 2bd8b2423cae2cdbd1145f4899ebe42762b8a46787a007a14635ece512ca999f | 2025-03-05
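A quick hunt over the pulse's indicators, added here as an example rather than tooling from AlienVault or SonicWall: hash every file under a directory and compare against the six SHA-256 values, and scan proxy log lines for the hosting URL. The hashes and the URL are the pulse's own; the sample log lines, the search path and the log format are constructed for the demo.

```powershell
# Added example, not part of the pulse. Matches the pulse's indicators against
# local files and against proxy log lines. The log lines below are constructed
# for the demo; the hashes and URL are taken from the pulse table.

$PulseHashes = @(
    '55e5c8b8cba2ca2f152bf70dde2113f53f3dd42649cae535f55f0362b426e97c',
    '349be2b4b8180ee12e858a7bf43fdaa9af5fccef0c47c1a1408e7ae7265f338f',
    '9d59b5a0c4dd1b91d41ea6fc2fe70f7cd2ab08064834ce51d0751a2deadc1a9b',
    '04fc833b59af93308029d3e87c85e327a1e480508bc78b6a4e46c0cbd65ea8dc',
    'ef523c286eea072a9afd853f1c09629eaad923d3283865182ff0f75899fb5aa0',
    '2bd8b2423cae2cdbd1145f4899ebe42762b8a46787a007a14635ece512ca999f'
)
$PulseUrls = @('https://0x0.st/8KuV.ps1')

function Find-PulseHashMatches {
    param([string]$Path)
    # Get-FileHash returns upper-case hex; compare case-insensitively.
    $wanted = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$PulseHashes, [System.StringComparer]::OrdinalIgnoreCase)
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = (Get-FileHash -Algorithm SHA256 -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Hash
            if ($h -and $wanted.Contains($h)) {
                [PSCustomObject]@{ Path = $_.FullName; SHA256 = $h.ToLower() }
            }
        }
}

function Find-PulseUrlMatches {
    param([string[]]$LogLines)
    # Match on host + path rather than the full URL so that http:// and
    # https:// fetches of the same script both hit.
    $needles = $PulseUrls | ForEach-Object { ([uri]$_).Host + ([uri]$_).AbsolutePath }
    foreach ($line in $LogLines) {
        foreach ($n in $needles) {
            if ($line.IndexOf($n, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                [PSCustomObject]@{ Indicator = $n; Line = $line }
            }
        }
    }
}

# Constructed proxy log lines for the demo (not real telemetry).
$sampleLog = @(
    '2025-03-05T09:14:02Z 10.0.4.17 GET https://0x0.st/8KuV.ps1 200 ua=Mozilla/5.0 WindowsPowerShell/5.1',
    '2025-03-05T09:14:03Z 10.0.4.17 GET https://www.microsoft.com/ 200 ua=Mozilla/5.0'
)

Find-PulseUrlMatches -LogLines $sampleLog | Format-Table -AutoSize
# Directory to sweep is an assumption for the demo; point it at your own triage share.
Find-PulseHashMatches -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

Hash matches are exact and only catch the six files the pulse names; the URL match is the more useful pivot, since 0x0.st is a public paste host and a PowerShell user-agent fetching a .ps1 from it is a strong hunting lead regardless of which script is served.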