
Deceptive Layoff-Themed HR Email Distributes Remcos RAT Malware

ID: 487e8163-d91c-50cd-8ecd-f348cd2084ab

STIX ID: report--487e8163-d91c-50cd-8ecd-f348cd2084ab

Feed Name: Seqrite Blog

Threat Score: 70/100

Date Published: 2025-12-09

Date Updated: 2026-04-30

Author: Prashil Moon

...
...

**Executive summary:** Seqrite Labs observed a spam campaign using layoff/HR-themed lures that delivered an NSIS-compiled Remcos RAT disguised inside a double-extension RAR (pdf.rar). The payload installs to c:\ProgramData\Remcos\remcos.exe, achieves persistence via HKCU\Software\Microsoft\Windows\CurrentVersion\Run, stores configuration under HKCU\Software\Rmc-<VictimID>, and provides remote access, keylogging, screenshots, and clipboard monitoring; the report includes MD5 hashes and a C2 IP for detection and response.
