VMTECH · INSTAGRAM

Lazarus Deploys RemotePE — Memory‑Only RAT Targeting Financial and Crypto Firms

Lazarus uses RemotePE, a memory‑only RAT, against financial and crypto organizations

Colleagues, note: Lazarus is using RemotePE — a memory‑only RAT — against financial and crypto organizations.

Briefly:
- Fox‑IT reports RemotePE is delivered via two loaders: DPAPILoader (DPAPI decryption) and RemotePELoader, which loads and executes the module in memory.
- RemotePE supports command-and-control, file and process operations; evasion uses Hell's Gate and ETW patches.
- Delivery: targeted social engineering (Telegram, fake Calendly/Picktime); the tool has been in development since 2023.

Why it matters: memory‑only execution and low footprint enable prolonged stealth in high‑value targets.

What are you doing to defend against such attack chains?

#cybersecurity #Lazarus #financialsecurity
