Analysis of a Multi-Stage Infection Chain: From Obfuscated JScript to Remcos RAT

This article presents a detailed analysis of a recent malware campaign that uses advanced obfuscation techniques to evade detection. The infection chain begins with a JScript script attached to a phishing email and culminates with the download of Remcos RAT. The analysis focuses on the obfuscation techniques used and how to disassemble each stage of the attack.

Phishing Campaign and First Stage of Infection

The campaign was distributed via phishing emails impersonating a legitimate Czech company. Although the email contained credible visual elements, it failed DMARC/SPF checks, which would likely have resulted in it being quarantined by most mail servers. ...

February 23, 2026 · Comfidentia