The article, authored by Xavier Mertens, discusses a cybersecurity threat involving a malicious ZIP file that, when extracted, reveals a VHDX file containing obfuscated JavaScript. This JavaScript leverages WMI to execute a PowerShell script, bypassing traditional security measures. The PowerShell script reconstructs hidden strings and downloads further malware, specifically targeting German-speaking victims. The ultimate outcome is the installation of Remcos RAT, which compromises system integrity.
The infection pathway includes: Email → ZIP → VHDX → JavaScript → PowerShell Decoder → PowerShell (.Net Loader) → Shellcode (Downloader) → Remcos. Key indicators and file hashes are provided for further analysis.
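The WMI hop in the chain above (JavaScript → WMI → PowerShell) leaves a process-tree artifact defenders can key on: a process created through WMI's Win32_Process.Create is parented by the WMI provider host (WmiPrvSE.exe) rather than by the script host that requested it. The following Python is an added example, not code from the article or its author; it assumes process-creation telemetry with Sysmon Event ID 1-style fields (Image, ParentImage, CommandLine), and the sample events are constructed for the example rather than taken from the analysed sample.

```python
"""Flag a WMI-brokered PowerShell launch in process-creation telemetry.

Added example (not from the article). Assumes Sysmon Event ID 1-like fields;
the field names and sample events below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class ProcEvent:
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process
    command_line: str   # command line of the created process


# Constructed sample telemetry (not from the article). Event index 2 models
# the chain's WMI hop: powershell.exe whose parent is WmiPrvSE.exe instead of
# the wscript.exe that actually requested it.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\userinit.exe", "explorer.exe"),
    ProcEvent(r"C:\Windows\System32\wscript.exe",
              r"C:\Windows\explorer.exe", r'wscript.exe "E:\document.js"'),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\wbem\WmiPrvSE.exe",
              "powershell.exe -nop -w hidden -ep bypass -enc SQBFAFgA"),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\explorer.exe", "powershell.exe"),
]

WMI_HOST = "wmiprvse.exe"
# Flags commonly paired with script-launched PowerShell: no profile, hidden
# window, encoded command, execution-policy bypass.
SUSPICIOUS_FLAGS = re.compile(
    r"(?i)(-nop\b|-w(indowstyle)?\s+hidden|-e(nc|ncodedcommand)?\b|-ep\s+bypass)"
)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def score_event(ev: ProcEvent) -> List[str]:
    """Return the reasons an event looks like the WMI→PowerShell hop (empty if none)."""
    reasons = []
    child, parent = basename(ev.image), basename(ev.parent_image)
    if child == "powershell.exe" and parent == WMI_HOST:
        reasons.append("powershell.exe parented by WmiPrvSE.exe (WMI-brokered launch)")
    if child == "powershell.exe" and SUSPICIOUS_FLAGS.search(ev.command_line):
        reasons.append("evasive PowerShell flags on command line")
    return reasons


def detect(events: List[ProcEvent]) -> List[Tuple[int, List[str]]]:
    """Return (event index, reasons) for every event with at least one reason."""
    hits = []
    for idx, ev in enumerate(events):
        reasons = score_event(ev)
        if reasons:
            hits.append((idx, reasons))
    return hits


if __name__ == "__main__":
    for idx, reasons in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {SAMPLE_EVENTS[idx].command_line}")
        for r in reasons:
            print(f"  - {r}")
```

On the constructed sample only event 2 is flagged, for both reasons; the plain PowerShell launch from explorer.exe (event 3) is not, which is the point of keying on the parent rather than on powershell.exe alone. In a real deployment the parent check is the higher-confidence signal, because legitimate PowerShell is rarely spawned by the WMI provider host on end-user workstations, while the flag regex is a noisier supporting indicator.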