Malware Campaign Leverages SVGs, Email Attachments, and CDNs to Drop XWorm and Remcos via BAT Scripts
ID: de66817e-0ee7-5dc9-baa9-fcabc2951043
STIX ID: report--de66817e-0ee7-5dc9-baa9-fcabc2951043
Feed Name: Seqrite Blog
This report documents two campaigns delivering the XWorm and Remcos RATs via obfuscated BAT-based loaders and PowerShell (including SVG-based delivery). It describes fileless in-memory execution, AMSI/ETW disabling, persistence via the Startup folder, multiple loader variants (Assembly.Load and shellcode execution), IOCs (MD5 hashes), detections, and mapped MITRE ATT&CK techniques. It emphasizes the evolving use of non-traditional file formats and obfuscation to evade static defenses and recommends behavioral detection and content inspection.
