From a VHDX File to a Remcos RAT, (Tue, Jun 16th)

Read full story on SANS Internet Storm Center

Summary

Yesterday, a reader reported a malicious ZIP archive to us (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). The archive contains a VHDX file that, once mounted (which is automatic on modern Windows OSs), reveals a malicious JavaScript file.
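
A triage check for the first stage of the chain described above, as an added example that is not from the original diary: it flags ZIP members that are VHDX images by their `vhdxfile` signature, including members carrying a different extension. The function names, verdict labels and sample archive are constructed for illustration.

```python
import io
import zipfile

VHDX_MAGIC = b"vhdxfile"  # VHDX file type identifier, first 8 bytes of the image


def find_vhdx_members(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (member name, verdict) for every ZIP member that looks like a VHDX."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            named_vhdx = info.filename.lower().endswith(".vhdx")
            if info.flag_bits & 0x1:
                # Encrypted member: content is unreadable without the password,
                # so only the name can be judged.
                if named_vhdx:
                    hits.append((info.filename, "vhdx-name-encrypted"))
                continue
            with zf.open(info) as fh:
                has_magic = fh.read(len(VHDX_MAGIC)) == VHDX_MAGIC
            if has_magic and named_vhdx:
                hits.append((info.filename, "vhdx"))
            elif has_magic:
                # Signature present under another extension.
                hits.append((info.filename, "vhdx-renamed"))
            elif named_vhdx:
                # Extension claims VHDX but the signature is missing.
                hits.append((info.filename, "vhdx-name-only"))
    return hits


def build_sample_zip() -> bytes:
    """Constructed sample archive; member names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.vhdx", VHDX_MAGIC + b"\x00" * 504)
        zf.writestr("scan.pdf", VHDX_MAGIC + b"\x00" * 504)
        zf.writestr("notes.vhdx", b"plain text, not a disk image")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in find_vhdx_members(build_sample_zip()):
        print(f"{verdict:16} {member}")
```
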
