Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered
Essential information
- Published: 05/03/2025 14:57
- Modified: 05/03/2025 15:03
- Tags: 2025-03-05 phishing powershell rat remcos vb script zip
- Related entities: 7 observables, 3 techniques (mitre), 1 malware
Description
This week, the SonicWall threat research team discovered a new update in the Remcos infection chain aimed at enhancing its stealth by patching AMSI scanning and ETW logging to evade detection. This loader was seen distributing Async RAT in the past, but now it has extended its functionality to Remcos RAT and other malware families. From our analysis, it seems to be targeting European institutions.