
COMING SOONBeginner
Remcos RAT: Malicious Invoice Attachment
An accounts-payable employee receives a phishing email carrying a password-protected ZIP that bypasses gateway sandboxing. Inside is a VBScript loader that chains through wscript and a hidden PowerShell cradle to drop the Remcos remote-access trojan. Walk the email gateway, file artifacts, and endpoint process tree step by step from the spoofed sender to the C2 beacon.
25m
6 tasks
25 points
FreeLaunches today
Jul 3, 2026
Create your free accountFriday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
EmailXDR
What you'll investigate
6 objectives unlock when this operation goes live.
1Brief: an invoice that was not an invoice
2Trace the delivery to its sender
3Identify the file Nina ran
4Follow the execution chain
5Name the remote-access tool that was installed
6Classify the scripting technique
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever