216.73.216.233

AsyncRAT and Remcos delivered in an optimistic campaign

· Published 24/06/2026 11:33

Export JSON

Essential information

Published
24/06/2026 11:33
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
asyncrat heavy obfuscation phishing remcos steganography
Related entities
70 indicators, 13 observables, 11 techniques (mitre)

Description

A global campaign targets business functions with emails carrying malicious Excel attachments that initiate a multi-stage infection chain when macros are enabled. The attack uses layered obfuscation, including HTA scripts, PowerShell, encoded payloads, and in PNG files, to deliver and execute Remote Access Trojans such as and in a largely fileless manner. It achieves scale and persistence through high variability, automation, disposable infrastructure, and consistent patterns that help evade detection despite relatively simple techniques.

External references