General

  • Target

    3941ba2f0f8d6c62b9931714c992c76e_JaffaCakes118

  • Size

    552KB

  • Sample

    240512-kqbs6agg6v

  • MD5

    3941ba2f0f8d6c62b9931714c992c76e

  • SHA1

    2ae4da950a5b71047bf2b67f7b76b9044375d1f9

  • SHA256

    80f6104926429d0109f63d8181997c1a9baac48a9386c617d3958321631e2f62

  • SHA512

    bac1e9e84473cfd4dc01ea5e72160613f80e5e17826c1a842ac84f2e83c7e2bad9a898478f72351f990bc06c68a71ee091b88f98a2d7c8268bb3b506972a5976

  • SSDEEP

    12288:x1dovGUpHpscZT+qQE63m67BxO8Vp+shAY1D9ZMD7f84ub:xYGYxAE63mSs4D1RqnfJS

Score
10/10

Malware Config

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
