General

  • Target

    2579e600ceb14dd737bd8d903a65d640_JaffaCakes118

  • Size

    260KB

  • Sample

    240508-ssg2ysah4t

  • MD5

    2579e600ceb14dd737bd8d903a65d640

  • SHA1

    694db6f247fa0f40e691f9da9d274490c818f60f

  • SHA256

    e64d41fb84a83432f460905f7fdecf6a704c1b58748bad2ddf328b5ba6a7d7e5

  • SHA512

    bb3f8e6ac87251aa24410b5470a908cc3a0b86032ce734e258fff0c6504b74d3b8b47ae77c60159b3e501edc39d97f56ae052beb2f7fa382d8e74a84f561bb69

  • SSDEEP

    3072:ZE5M+8UC6qpFosItPPJ1nH899TwJWZWVccPWdD0y4rPOUaNPl63kaY:S5bC5pFXIt3nnH8iWZQ5+10y4ifNMU

Score
10/10

Malware Config

Targets

    • Target

      2579e600ceb14dd737bd8d903a65d640_JaffaCakes118

    • Remcos

      Remcos is a closed-source remote control and surveillance tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks