Summary ======== Yesterday when reviewing the spam filters I found an email with a malicious attachment (.slk file) that setups the system to be infected with what looks to be a NetSupport RAT (based on the information found in the PCAP). I Checked the usual OSINT resources (ie: Hybrid Analysis,…
Special thanks to one of my colleagues and @nazywam on Twitter that helped me with this. The Twitter thread about this can be found here. To obtain the Javascript file, see the Any.Run link here. The other day (2019-08-20) while looking at caught emails in the SPAM folder, I came…
I came across this sample yesterday via my usual method – the email filters. The email is your pretty standard stuff acting as a proposal for an order. Once you open the zip file, there is an executable. From here, the fun began. For the artifacts/logs/PCAP from this analysis, please…
Earlier this morning I came across some emails that had a subject line that caught my attention. They were all from the same sender and all of them had the same maldoc attached to them. From what I can tell this looks to be related to the REMCOS RAT as…