RemotePE Propose Change

Actor(s): Lazarus Group

According to Fox-IT, RemotePE is the final-stage in-memory RAT that operates across multiple threads to handle C2 communication and command execution. It exposes a range of capabilities via a structured command set, including configuration, console access, file and process operations, and plugin support to dynamically load additional payloads. The framework emphasizes memory-only execution and encrypted, compressed exchanges with the C2, aiming to minimize forensic traces and enable long-term, stealthy control managed by an operator.

References

There is no Yara-Signature yet.