Skip to main content
Remcos RAT: Malicious Invoice Attachment operation cover
COMING SOONBeginner

Remcos RAT: Malicious Invoice Attachment

An accounts-payable employee receives a phishing email carrying a password-protected ZIP that bypasses gateway sandboxing. Inside is a VBScript loader that chains through wscript and a hidden PowerShell cradle to drop the Remcos remote-access trojan. Walk the email gateway, file artifacts, and endpoint process tree step by step from the spoofed sender to the C2 beacon.

25m
6 tasks
25 points
Free

Launches today

Jul 3, 2026

Friday, July 3, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops — free forever.

Training Tools

EmailXDR

What you'll investigate

6 objectives unlock when this operation goes live.

1Brief: an invoice that was not an invoice
2Trace the delivery to its sender
3Identify the file Nina ran
4Follow the execution chain
5Name the remote-access tool that was installed
6Classify the scripting technique

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free

No credit card required — free forever