General

  • Target

    2a79d2a8eebe3cbbdfaa7b61d72cb866_JaffaCakes118

  • Size

    192KB

  • Sample

    240509-r6yfesac26

  • MD5

    2a79d2a8eebe3cbbdfaa7b61d72cb866

  • SHA1

    6c84f09929337bb41549dde77d982ff2c000c3b7

  • SHA256

    0340b84c0a3ca20f9c09e1a81c9e9cb561607e491fca652b07a196cd40138648

  • SHA512

    13e1873f5e0257ae9662fa3c4b9bd162823a0d112c5538cbcd6c84898338b4ee2c6a3e03d8140301594b7c585f3aeff0e2342801a4716e32feb9d18e53da805d

  • SSDEEP

    3072:WPtzkCz/jveCrm2DdbDw0RqMuZF5E1Wvc0kSMwufZPM7a7cf2DCTP:WK2ya9/i21QFufZPM7a7cf2i

Score
10/10

Malware Config

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks