General

  • Target

    5375bea24d2e402983e38db7eeb65684_JaffaCakes118

  • Size

    328KB

  • Sample

    240518-hnfm8agf25

  • MD5

    5375bea24d2e402983e38db7eeb65684

  • SHA1

    d628ef2c43593d9f0ae99e5296df5cb31447aec5

  • SHA256

    0053cbec270580aa2c810e3c2535e802874a5916fb800631353c8edbbaf63358

  • SHA512

    c06936d2e93901a6a54abdb13b3d36d855483b8d8bb26d2704503df52e56719c71102dc859d5c894b99a00f1a213c86c4232374299c294a78237dba686f0d283

  • SSDEEP

    6144:UxAAFsaLsZVhPVmwOdsbx58cbT+7xEUNa:UxAklLsZ7Nm+bLOxba

Score
10/10

Malware Config

Targets

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks