Overview

overview

10

Static

static

3

5fc8d37fff...18.exe

windows7-x64

10

5fc8d37fff...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fc8d37fffadc527ac83401e5fdf5778_JaffaCakes118

  • Size

    245KB

  • Sample

    240520-sqf2wafb68

  • MD5

    5fc8d37fffadc527ac83401e5fdf5778

  • SHA1

    c0f852d45e3b10b72333d6a6ac3322fdbd820214

  • SHA256

    590cdfa88046870ec0948a6efb65f31eaa51f9c6f70eab68e9caefd3fad37ee8

  • SHA512

    a8a874eeda33409e91174c3b6d2c599e0b742335019b47f8357b39261f31f9cc22e5e70ee32cec6f926ba2a4202e040793ca8514d1f84d6d485980aa915df660

  • SSDEEP

    3072:hPHtxYUgN/5/c7CtZP+FbQyA2WtqkO1gufKcQ48Ev5v5KkVvBfwenV6J9sHNW:hPIUoR3rPCpAFguXjjENB1pp6J98NW

Score
10/10
remcospersistencerat

Malware Config

Targets

    • Target

      5fc8d37fffadc527ac83401e5fdf5778_JaffaCakes118

    • Size

      245KB

    • MD5

      5fc8d37fffadc527ac83401e5fdf5778

    • SHA1

      c0f852d45e3b10b72333d6a6ac3322fdbd820214

    • SHA256

      590cdfa88046870ec0948a6efb65f31eaa51f9c6f70eab68e9caefd3fad37ee8

    • SHA512

      a8a874eeda33409e91174c3b6d2c599e0b742335019b47f8357b39261f31f9cc22e5e70ee32cec6f926ba2a4202e040793ca8514d1f84d6d485980aa915df660

    • SSDEEP

      3072:hPHtxYUgN/5/c7CtZP+FbQyA2WtqkO1gufKcQ48Ev5v5KkVvBfwenV6J9sHNW:hPIUoR3rPCpAFguXjjENB1pp6J98NW

    Score
    10/10
    remcospersistencerat

    • Modifies WinLogon for persistence

      persistence

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Modifies WinLogon

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks