General

  • Target

    5fb1bd6a1bb31534f4b4a208dc3f881d_JaffaCakes118

  • Size

    552KB

  • Sample

    240520-sbrvtsfd2t

  • MD5

    5fb1bd6a1bb31534f4b4a208dc3f881d

  • SHA1

    3e88ccfa16eb349b4f8059d47907d8c4154ca7e8

  • SHA256

    df0739f3988579942007024e55f8374444e7076b1e12adb285f800985d5f8ae9

  • SHA512

    24be6925ef077a72e425bdb69daeb06ef92fed25a34cf3a784e74b8237c069c5ffb2fee06df370b53f8dea8f9f9dc7671d16db787aae85823c43a806268373ab

  • SSDEEP

    12288:Qxzc3CMzKrmadzrY90c9tuHNY/g7mpaCdczW:Qo/Hjac+H+7aip

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
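
    The behaviour signatures above can be re-derived offline from a process and registry trace. The following Python script is an added example written for this page, not the sandbox's own rule code: it walks a simplified, Sysmon-like event trace and flags the same five behaviours (location check in the registry, Run-key persistence, execution of a dropped EXE, load of a dropped DLL, cross-process SetThreadContext). The trace lines are constructed for the example; the "event|k=v" format, the registry paths each rule matches (the Geo\Nation key is an assumption about how the location check is implemented) and the ATT&CK mapping are the author's, and the report's own MITRE section is not reproduced here.

```python
"""Behavioural triage over a constructed, Sysmon-like event trace.

Added example: re-derives the report's behaviour signatures from a trace.
Event format, field names, matched registry paths and the ATT&CK mapping
are assumptions made for this example, not the sandbox vendor's rules.
"""
from collections import defaultdict

# Constructed sample trace (not taken from the report). One event per line:
# "<event>|key=value|key=value|..."
SAMPLE_TRACE = r"""
FileCreate|pid=1000|image=C:\Users\u\Desktop\sample.exe|target=C:\Users\u\AppData\Roaming\svc\svc.exe
FileCreate|pid=1000|image=C:\Users\u\Desktop\sample.exe|target=C:\Users\u\AppData\Roaming\svc\helper.dll
RegQueryValue|pid=1000|image=C:\Users\u\Desktop\sample.exe|key=HKCU\Control Panel\International\Geo\Nation
RegSetValue|pid=1000|image=C:\Users\u\Desktop\sample.exe|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc|data=C:\Users\u\AppData\Roaming\svc\svc.exe
ProcessCreate|pid=1200|ppid=1000|image=C:\Users\u\AppData\Roaming\svc\svc.exe
ImageLoad|pid=1200|image=C:\Users\u\AppData\Roaming\svc\svc.exe|loaded=C:\Users\u\AppData\Roaming\svc\helper.dll
ImageLoad|pid=1200|image=C:\Users\u\AppData\Roaming\svc\svc.exe|loaded=C:\Windows\System32\kernel32.dll
ProcessCreate|pid=1300|ppid=1200|image=C:\Windows\System32\notepad.exe|flags=CREATE_SUSPENDED
ApiCall|pid=1200|api=SetThreadContext|target_pid=1300
"""

# Registry path fragments (lower-cased) that each rule matches. Assumed for
# this example: Windows stores the configured country (GeoID) under
# HKCU\Control Panel\International\Geo, and Run keys live under ...\Run\.
LOCATION_KEY_FRAGMENTS = ("\\control panel\\international\\geo",)
RUN_KEY_FRAGMENT = "\\software\\microsoft\\windows\\currentversion\\run\\"

# Author's ATT&CK mapping for the flagged behaviours (not from the report).
ATTACK_MAP = {
    "adds_run_key": "T1547.001",          # Registry Run Keys / Startup Folder
    "checks_location_settings": "T1614",  # System Location Discovery
    "suspicious_setthreadcontext": "T1055.012",  # Process Hollowing
}


def parse_event(line):
    """Split 'Event|k=v|k=v' into a dict with the event name under 'event'."""
    event, *fields = line.strip().split("|")
    rec = {"event": event}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def triage(trace):
    """Return {signature_name: [evidence, ...]} for behaviours seen in the trace.

    'Dropped' files are those written by any process earlier in the trace;
    executing or loading one of them later is what the report's
    'Executes dropped EXE' / 'Loads dropped DLL' signatures describe.
    """
    events = [parse_event(l) for l in trace.strip().splitlines() if l.strip()]
    dropped = set()
    hits = defaultdict(list)
    for e in events:
        kind = e["event"]
        if kind == "FileCreate":
            dropped.add(e["target"].lower())
        elif kind == "RegQueryValue" and any(
            frag in e["key"].lower() for frag in LOCATION_KEY_FRAGMENTS
        ):
            hits["checks_location_settings"].append(e["key"])
        elif kind == "RegSetValue" and RUN_KEY_FRAGMENT in e["key"].lower():
            hits["adds_run_key"].append(e.get("data", ""))
        elif kind == "ProcessCreate" and e["image"].lower() in dropped:
            hits["executes_dropped_exe"].append(e["image"])
        elif kind == "ImageLoad" and e["loaded"].lower() in dropped:
            hits["loads_dropped_dll"].append(e["loaded"])
        elif kind == "ApiCall" and e.get("api") == "SetThreadContext":
            # A thread context rewrite aimed at another process is the
            # hollowing pattern; same-process use is common and benign.
            target = e.get("target_pid", e["pid"])
            if target != e["pid"]:
                hits["suspicious_setthreadcontext"].append(f'{e["pid"]}->{target}')
    return dict(hits)


def attack_techniques(hits):
    """Sorted ATT&CK IDs for the flagged signatures that have a mapping."""
    return sorted({ATTACK_MAP[name] for name in hits if name in ATTACK_MAP})


if __name__ == "__main__":
    result = triage(SAMPLE_TRACE)
    for name, evidence in result.items():
        print(f"{name}: {evidence}")
    print("ATT&CK:", ", ".join(attack_techniques(result)))
```

    Each rule is deliberately narrow: the dropped-file rules compare full paths case-insensitively, so a renamed copy would not match, and the SetThreadContext heuristic only fires across process boundaries. Widen them against your own telemetry rather than trusting the constructed trace as representative.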

MITRE ATT&CK Enterprise v15

Tasks