General

  • Target

    50e8d1bfc6604c8dc05bd72b015bd1d0_JaffaCakes118

  • Size

    588KB

  • Sample

    240517-xap23ada98

  • MD5

    50e8d1bfc6604c8dc05bd72b015bd1d0

  • SHA1

    bf2f30a0b4d43fd24741a5fbb3830a1cf1846b6e

  • SHA256

    6a8e333328928f8497741e03ae829a86587b9005cccb2a33a6062c20cb759491

  • SHA512

    06cd20c661d2a9af4ffed4ce7223b2527a44438718a871312e2482a8290369633294aa94cdfe1b38c6d1d6f270d55b92eda83ceb170f6fce6e6eb47fe4277276

  • SSDEEP

    6144:kJFynC0QKjmzzqWMQE2VCW5+Mf3exBEScTC8iIkS8p1PREc3g/rN0IyN:xnC0nKzQgVCc+MAB8mS82agTN07

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks