{"id":20917,"date":"2023-09-21T14:17:52","date_gmt":"2023-09-21T12:17:52","guid":{"rendered":"https:\/\/www.defencetech.it\/?p=20917"},"modified":"2025-06-10T10:05:10","modified_gmt":"2025-06-10T08:05:10","slug":"guloader-distributes-remcos-second-part-malware-analysis-report","status":"publish","type":"post","link":"https:\/\/tinextadefence.it\/en\/guloader-distributes-remcos-second-part-malware-analysis-report\/","title":{"rendered":"GuLoader distributes Remcos - Part 2 - Malware Analysis Report"},"content":{"rendered":"<p>As promised, here we are with the second part of the Malware Report dedicated to GuLoader distributing Remcos.<\/p>\r\n\r\n\r\n\r\n<p><strong>Remcos<\/strong> (<em>Remote Control &amp; Surveillance Software<\/em>) is software advertised by the company <em>BreakingSecurity<\/em> as a legitimate remote access tool.\u00a0<br \/><br \/>According to various online publications, this software was developed by a German company; however, its headquarters are located in Rome, as can easily be seen on the company's official website.<br \/><br \/>It has also been proven, both by technical publications from renowned vendors and by the recurring reports of the Italian CERT (<em>Computer Emergency Response Team<\/em>), that Remcos is and has been used in several hacking campaigns because it can act as a <strong>backdoor<\/strong> on the system, granting full access to a remote user.\u00a0<br \/><br \/>Our report examines its functionality, focusing in particular on how it can perform privilege elevation on the system, bypassing Windows User Account Control (UAC).<\/p>\r\n\r\n\r\n\r\n<p>If you wish to learn more, here is the link to our <strong><a href=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Report-GuLoader-deploys-Remcos-2.pdf\">full report<\/a><\/strong>.\u00a0\u00a0<\/p>\r\n\r\n\r\n\r\n<p><span data-contrast=\"none\">In addition, you can subscribe to the specific mailing list <b>Cyber Studios by Tinexta 
Defence<\/b>, to receive updates on upcoming research: <\/span><a href=\"https:\/\/tinextadefence.it\/en\/cyber-studios-mailing-list\/\"><span data-contrast=\"none\">https:\/\/tinextadefence.it\/mailing-list-cyber-studios\/<\/span><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>As promised, here we are with the second part of the Malware Report dedicated to GuLoader distributing Remcos. Remcos (Remote Control &amp; Surveillance Software) is software advertised by the company BreakingSecurity as a legitimate remote access tool.\u00a0 According to various online publications, moreover, it emerged that this software was developed by a German company; however, their [&hellip;]<\/p>","protected":false},"author":2,"featured_media":26257,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[102],"tags":[110],"class_list":["post-20917","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tinextadefencebusiness","tag-articoli"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GuLoader distribuisce Remcos \u2013 Seconda parte - Malware Analysis Report - Tinexta Defence<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/tinextadefence.it\/en\/guloader-distributes-remcos-second-part-malware-analysis-report\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GuLoader distribuisce Remcos \u2013 Seconda parte - Malware Analysis Report - Tinexta Defence\" \/>\n<meta property=\"og:description\" content=\"Come promesso, eccoci con la seconda parte del Malware Report dedicato a GuLoader che 
distribuisce Remcos. Remcos (Remote Control &amp; Surveillance Software) \u00e8 un software pubblicizzato dalla societ\u00e0 BreakingSecurity come uno strumento legittimo di accesso remoto.\u00a0 Secondo varie pubblicazioni online, inoltre, \u00e8 emerso che questo software \u00e8 stato sviluppato da un\u2019azienda tedesca, tuttavia, il loro [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/tinextadefence.it\/en\/guloader-distributes-remcos-second-part-malware-analysis-report\/\" \/>\n<meta property=\"og:site_name\" content=\"Tinexta Defence\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-21T12:17:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-10T08:05:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"640\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Simone Sorte\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Simone Sorte\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/\"},\"author\":{\"name\":\"Simone Sorte\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941\"},\"headline\":\"GuLoader distribuisce Remcos \u2013 
Seconda parte &#8211; Malware Analysis Report\",\"datePublished\":\"2023-09-21T12:17:52+00:00\",\"dateModified\":\"2025-06-10T08:05:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/\"},\"wordCount\":183,\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"keywords\":[\"Articoli\"],\"articleSection\":[\"#TDefenceBusiness\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/\",\"url\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/\",\"name\":\"GuLoader distribuisce Remcos \u2013 Seconda parte - Malware Analysis Report - Tinexta 
Defence\",\"isPartOf\":{\"@id\":\"https:\/\/tinextadefence.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"datePublished\":\"2023-09-21T12:17:52+00:00\",\"dateModified\":\"2025-06-10T08:05:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#primaryimage\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg\",\"width\":1200,\"height\":640,\"caption\":\"Immagine in evidenza astratta per gli articoli di Tinexta Defence\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/tinextadefence.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GuLoader distribuisce Remcos \u2013 Seconda parte &#8211; Malware Analysis Report\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/tinextadefence.it\/#website\",\"url\":\"https:\/\/tinextadefence.it\/\",\"name\":\"Tinexta Defence\",\"description\":\"think next, 
protect now\",\"publisher\":{\"@id\":\"https:\/\/tinextadefence.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/tinextadefence.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/tinextadefence.it\/#organization\",\"name\":\"Tinexta Defence\",\"url\":\"https:\/\/tinextadefence.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"contentUrl\":\"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png\",\"width\":2000,\"height\":990,\"caption\":\"Tinexta Defence\"},\"image\":{\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941\",\"name\":\"Simone Sorte\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g\",\"caption\":\"Simone Sorte\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"GuLoader distributes Remcos - Part 2 - Malware Analysis Report - Tinexta Defence","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/tinextadefence.it\/en\/guloader-distributes-remcos-second-part-malware-analysis-report\/","og_locale":"en_GB","og_type":"article","og_title":"GuLoader distribuisce Remcos \u2013 Seconda parte - Malware Analysis Report - Tinexta Defence","og_description":"Come promesso, eccoci con la seconda parte del Malware Report dedicato a GuLoader che distribuisce Remcos. Remcos (Remote Control &amp; Surveillance Software) \u00e8 un software pubblicizzato dalla societ\u00e0 BreakingSecurity come uno strumento legittimo di accesso remoto.\u00a0 Secondo varie pubblicazioni online, inoltre, \u00e8 emerso che questo software \u00e8 stato sviluppato da un\u2019azienda tedesca, tuttavia, il loro [&hellip;]","og_url":"https:\/\/tinextadefence.it\/en\/guloader-distributes-remcos-second-part-malware-analysis-report\/","og_site_name":"Tinexta Defence","article_published_time":"2023-09-21T12:17:52+00:00","article_modified_time":"2025-06-10T08:05:10+00:00","og_image":[{"width":1200,"height":640,"url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","type":"image\/jpeg"}],"author":"Simone Sorte","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Simone Sorte","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#article","isPartOf":{"@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/"},"author":{"name":"Simone 
Sorte","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941"},"headline":"GuLoader distribuisce Remcos \u2013 Seconda parte &#8211; Malware Analysis Report","datePublished":"2023-09-21T12:17:52+00:00","dateModified":"2025-06-10T08:05:10+00:00","mainEntityOfPage":{"@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/"},"wordCount":183,"publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"image":{"@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","keywords":["Articoli"],"articleSection":["#TDefenceBusiness"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/","url":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/","name":"GuLoader distributes Remcos - Part 2 - Malware Analysis Report - Tinexta 
Defence","isPartOf":{"@id":"https:\/\/tinextadefence.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#primaryimage"},"image":{"@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#primaryimage"},"thumbnailUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","datePublished":"2023-09-21T12:17:52+00:00","dateModified":"2025-06-10T08:05:10+00:00","breadcrumb":{"@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#primaryimage","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_evidenza_articolo.jpg","width":1200,"height":640,"caption":"Immagine in evidenza astratta per gli articoli di Tinexta Defence"},{"@type":"BreadcrumbList","@id":"https:\/\/tinextadefence.it\/guloader-distribuisce-remcos-seconda-parte-malware-analysis-report\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tinextadefence.it\/"},{"@type":"ListItem","position":2,"name":"GuLoader distribuisce Remcos \u2013 Seconda parte &#8211; Malware Analysis Report"}]},{"@type":"WebSite","@id":"https:\/\/tinextadefence.it\/#website","url":"https:\/\/tinextadefence.it\/","name":"Tinexta Defence","description":"think next, protect 
now","publisher":{"@id":"https:\/\/tinextadefence.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tinextadefence.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/tinextadefence.it\/#organization","name":"Tinexta Defence","url":"https:\/\/tinextadefence.it\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/","url":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","contentUrl":"https:\/\/tinextadefence.it\/wp-content\/uploads\/2025\/03\/Tinexta_Defence_marchio.png","width":2000,"height":990,"caption":"Tinexta Defence"},"image":{"@id":"https:\/\/tinextadefence.it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/1f5092d13bbba815b7d8508dc4a0a941","name":"Simone Sorte","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/tinextadefence.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32dedea25589c73ac8f3d6a24a91a3de89a9dbecfeb8badd55816a91df1c8a31?s=96&d=mm&r=g","caption":"Simone 
Sorte"}}]}},"_links":{"self":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/20917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/comments?post=20917"}],"version-history":[{"count":0,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/posts\/20917\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media\/26257"}],"wp:attachment":[{"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/media?parent=20917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/categories?post=20917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tinextadefence.it\/en\/wp-json\/wp\/v2\/tags?post=20917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}