General
Target: 24e6decd318dbb52015ad9148bd91016_JaffaCakes118
Size: 416KB
Sample: 240508-p1cknaff99
MD5: 24e6decd318dbb52015ad9148bd91016
SHA1: b806651869a30d3ff780b51b1946a8d625049dc7
SHA256: b43036a0048cb92bf8d2741234b749d02fb0a4ef9f09740fe52858a037845877
SHA512: 962f3d3b67ffd2989292e7a1e7e09131022dddea6e9ab29c10ffb47f1498abae50cc49f473930aedad533a034e9e22e14bad6504fd7ee8407750d176fee312bf
SSDEEP: 3072:LA2psK6vCwnIE5egrp5pS8udOECzgn7qzYO+xCVulId7w/aSx/8JW+dQAfNW7R9p:kneg7fudiilg8l1vl8JW+dQdDk+yI4O
Static task: static1
Behavioral task: behavioral1
Sample: 24e6decd318dbb52015ad9148bd91016_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 24e6decd318dbb52015ad9148bd91016_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
Family: remcos
Version: 2.2.0 Pro
Botnet: Scvhost
C2: success.publicvm.com:5060
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 3
copy_file: DnasApp.exe
copy_folder: DnasApp
delete_file: true
hide_file: false
hide_keylog_file: false
install_flag: true
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: DnasApp-GD3ZG4
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: DnasApp
take_screenshot_option: false
take_screenshot_time: 5
Targets
Target: 24e6decd318dbb52015ad9148bd91016_JaffaCakes118 (416KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Deletes itself (consistent with delete_file true in the extracted config).
Executes dropped EXE (per the extracted config, the copy is DnasApp.exe in the DnasApp folder under %AppData%).
Loads dropped DLL
Adds Run key to start application (the extracted config's startup_value is DnasApp).
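The extracted config and the behaviours listed for the target (Run key, dropped EXE, C2 at success.publicvm.com:5060) together describe the persistence chain a responder would hunt for. The following Python is an added example, not part of the sandbox report, that derives host and network indicators from those config fields and matches them against constructed Sysmon-style events. The event field names follow Sysmon's schema (EventID 1 ProcessCreate, 3 NetworkConnect, 11 FileCreate, 13 RegistryEvent value set, 22 DNSEvent); the user name alice, the SID, the event sequence and the benign OneDrive entry are made up. It also assumes Remcos expands %AppData% to the user's Roaming profile folder, which is what that environment variable points to on Windows.

```python
import re

# Values copied from the "Malware Config" section of the report above.
REMCOS_CONFIG = {
    "c2": "success.publicvm.com:5060",
    "install_path": "%AppData%",
    "copy_folder": "DnasApp",
    "copy_file": "DnasApp.exe",
    "startup_value": "DnasApp",
    "mutex": "DnasApp-GD3ZG4",
    "keylog_path": "%AppData%",
    "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
}

# %AppData% resolves to the user's Roaming profile folder, so the on-disk path
# carries a user name we do not know ahead of time; widen it to a pattern.
APPDATA_RE = r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming"


def _path_regex(base, *parts):
    """Anchored, case-insensitive regex for base\\part1\\part2..., widening %AppData%."""
    prefix = APPDATA_RE if base.lower() == "%appdata%" else re.escape(base)
    tail = "".join(re.escape("\\" + p) for p in parts)
    return re.compile("^" + prefix + tail + "$", re.IGNORECASE)


def build_iocs(cfg):
    """Derive concrete hunt indicators from the extracted config fields."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "install_path_re": _path_regex(cfg["install_path"], cfg["copy_folder"], cfg["copy_file"]),
        # Run value name comes from startup_value; its data should be the install path.
        "run_key_re": re.compile(r"\\CurrentVersion\\Run\\" + re.escape(cfg["startup_value"]) + "$",
                                 re.IGNORECASE),
        # keylog_flag is false in this config, so logs.dat may never appear; still cheap to hunt.
        "keylog_path_re": _path_regex(cfg["keylog_path"], cfg["keylog_folder"], cfg["keylog_file"]),
        "mutex": cfg["mutex"],  # not in Sysmon telemetry; for EDR or sandbox mutex lists
    }


def match_events(events, iocs):
    """Return (event_index, rule_name) for Sysmon-style events that hit an IOC.

    EventID 1 = ProcessCreate, 3 = NetworkConnect, 11 = FileCreate,
    13 = RegistryEvent (value set), 22 = DNSEvent.
    """
    hits = []
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == 13 and iocs["run_key_re"].search(ev["TargetObject"]) \
                and iocs["install_path_re"].match(ev["Details"].strip('"')):
            hits.append((i, "run_key_persistence"))
        elif eid == 1 and iocs["install_path_re"].match(ev["Image"]):
            hits.append((i, "dropped_exe_executed"))
        elif eid == 11 and iocs["keylog_path_re"].match(ev["TargetFilename"]):
            hits.append((i, "keylog_file_created"))
        elif eid == 22 and ev["QueryName"].lower() == iocs["c2_host"]:
            hits.append((i, "c2_dns_lookup"))
        elif eid == 3 and ev.get("DestinationHostname", "").lower() == iocs["c2_host"] \
                and int(ev["DestinationPort"]) == iocs["c2_port"]:
            hits.append((i, "c2_connection"))
    return hits


# Constructed events (user "alice", the SID, paths and ordering are made up and
# not taken from the sandbox run) that mirror the behaviours listed in the report.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\alice\AppData\Local\Temp\24e6decd318dbb52015ad9148bd91016_JaffaCakes118.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\DnasApp",
     "Details": r"C:\Users\alice\AppData\Roaming\DnasApp\DnasApp.exe"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Roaming\DnasApp\DnasApp.exe"},
    {"EventID": 22, "QueryName": "success.publicvm.com"},
    {"EventID": 3, "DestinationHostname": "success.publicvm.com", "DestinationPort": 5060},
    # Benign Run key in the same hive must not fire.
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for idx, rule in match_events(SAMPLE_EVENTS, build_iocs(REMCOS_CONFIG)):
        print(f"event[{idx}] -> {rule}")
```

The Run-key rule requires both the value name from startup_value and data matching the install path, so a benign autorun with a colliding name does not fire; the mutex is carried in the IOC set but not matched, because Sysmon does not record mutex creation.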