The files delivered contained encoded executables and shellcode — some were hosted on Russian image-hosting site, “joxi[.]net.” While researchers couldn’t determine the distribution method of the .proj files, these files’ objective was to execute either Remcos or RedLine Stealer. Most of the malware analyzed delivered Remcos as the final payload. Once installed on the victim’s computer, the Remcos trojan allows hackers to remote control, remote admin, remote anti-theft, remote support, and pentest a machine. Related Resource Cyber resilience for dummies While Remcos is commercial software created by Breaking Security, hackers often use it for malicious purposes. Researchers said the software enables full access to the infected machine with features like anti-AV, credential harvesting, gathering system information, keylogging, persistence, screen capture, script execution, and more.