General
Target: 7160c922014ca2e09814ea97e0892575_JaffaCakes118
Size: 330KB
Sample: 240525-kavlbsbe4w
MD5: 7160c922014ca2e09814ea97e0892575
SHA1: 4b89e8c0e55360eb92040feae26d80c73542846c
SHA256: f053c60697e0af53615df9ef94f936ea9f571a2f697e19c7db8955d36fe12a4a
SHA512: 2adf6b0a5ad50c92152a2aa5a8d3c8c113c374a5a9e823f4ddf391de9beed3069597ad5fc7fde0571bd18c2c91a8042121bfb6fad4ffde768cfb69ee08ac7b22
SSDEEP: 6144:2w6JMnBKjX33LRxKEV+KliE3IvHlouxcAG42uZ:D6MI7LRECFiHegnT
Static task: static1
Behavioral task: behavioral1
Sample: 7160c922014ca2e09814ea97e0892575_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 7160c922014ca2e09814ea97e0892575_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted family: remcos
Version: 2.4.7 Pro
Build date: 28-07-2019
C2 hosts:
muhoste.ddnsfree.com:2401
koustaeik.dynu.net:2424
houstus.gleeze.com:2525
foustraje.mywire.org:2626
housteko.mywire.org:2727
houstrik.gleeze.com:2828
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 3
copy_file: servicesT.exe
copy_folder: Windows10Update
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: true
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: SystemWindows7
keylog_path: %AppData%
mouse_option: false
mutex: le1boss2019-P7U0OY
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: sips3
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Defender-Update-System
take_screenshot_option: true
take_screenshot_time: 1
take_screenshot_title: amazon;secure;checkout;payment;rakuten;order;sncf;secure2;pay;hipay;bricoprive;webpayment;payline;Alipay;hsbc;3d;secur5e;authentification;paybox;récapitilatif;systempay;worldpay;secure1;cic;sips;3dsecure;sogenactif;paiement;paypal;paylib;webpayment
Targets
Target: 7160c922014ca2e09814ea97e0892575_JaffaCakes118
Score: 10/10
Signatures:
Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext