Overview

overview

10

Static

static

3

032f24cfe3...18.exe

windows7-x64

7

032f24cfe3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    032f24cfe3b0e8daa2e6f7d76ea1a9da_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240427-nzfp9aae4w

  • MD5

    032f24cfe3b0e8daa2e6f7d76ea1a9da

  • SHA1

    f24a1d5bbe46c44b1b38de0007d1f4d5e5717b6b

  • SHA256

    bb5b3a0ac4bdbaa62d08222dc2e5d871d88cf1a0755b2e715fea3fd6d24b3e65

  • SHA512

    519e6ea35d36e9d9ad350b309a1ecf61ac09e6504aac7c7c2e0e225ed04f18808d8ca7e7be5fedadbfa2c8e62e5c976b991971e1112e026d491180003eaeb288

  • SSDEEP

    24576:0T0Kgjtv+zDeBVsZPJxl3INRQdGffhX7BAyqqX:i0vpmDeSJfINRQW5X7+2

Score
10/10
remcosrat

Malware Config

Targets

    • Target

      032f24cfe3b0e8daa2e6f7d76ea1a9da_JaffaCakes118

    • Size

      1.1MB

    • MD5

      032f24cfe3b0e8daa2e6f7d76ea1a9da

    • SHA1

      f24a1d5bbe46c44b1b38de0007d1f4d5e5717b6b

    • SHA256

      bb5b3a0ac4bdbaa62d08222dc2e5d871d88cf1a0755b2e715fea3fd6d24b3e65

    • SHA512

      519e6ea35d36e9d9ad350b309a1ecf61ac09e6504aac7c7c2e0e225ed04f18808d8ca7e7be5fedadbfa2c8e62e5c976b991971e1112e026d491180003eaeb288

    • SSDEEP

      24576:0T0Kgjtv+zDeBVsZPJxl3INRQdGffhX7BAyqqX:i0vpmDeSJfINRQW5X7+2

    Score
    10/10
    remcosrat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks