General

  • Target: 604199cbc88628d6d93fe507f23ac2d0_JaffaCakes118
  • Size: 242KB
  • Sample: 240720-2jm2aazfrn
  • MD5: 604199cbc88628d6d93fe507f23ac2d0
  • SHA1: 687bc0278c38a6b9ca71a3defce92a370296c542
  • SHA256: f62ca03ce9a80ac13bce5c2854a3efbf8bcb9f38cd2bf0dce8209af516b2338f
  • SHA512: 4d34c4d83b05eec3498b8035138614a76714579276f4f221a325c37dc2eae5daa9c061c11abe6ced91f8acc2859b8d1e7d0f2afa5606f4557631814a3426f769
  • SSDEEP: 6144:1x/MuWRQHkIISZ2PxALf8bX1aUS68BAas1t7:ry8vZ2usFXS68TsT7

Score: 10/10

Malware Config

Extracted

Family: remcos
Version: 2.7.2 Pro
Botnet: MONEY-LOGS
C2: 103.153.76.111:2667

Attributes

  • audio_folder: MicRecords
  • audio_path: %AppData%
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 1
  • copy_file: EXCEL.exe
  • copy_folder: EXCEL
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • install_path: %AppData%
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: EXCEL
  • keylog_path: %AppData%
  • mouse_option: false
  • mutex: EXCEL-T1QMJO
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: EXCEL
  • take_screenshot_option: false
  • take_screenshot_time: 5
  • take_screenshot_title: wikipedia;solitaire;

Targets

    • Target: 604199cbc88628d6d93fe507f23ac2d0_JaffaCakes118
    • Size: 242KB
    • MD5: 604199cbc88628d6d93fe507f23ac2d0
    • SHA1: 687bc0278c38a6b9ca71a3defce92a370296c542
    • SHA256: f62ca03ce9a80ac13bce5c2854a3efbf8bcb9f38cd2bf0dce8209af516b2338f
    • SHA512: 4d34c4d83b05eec3498b8035138614a76714579276f4f221a325c37dc2eae5daa9c061c11abe6ced91f8acc2859b8d1e7d0f2afa5606f4557631814a3426f769
    • SSDEEP: 6144:1x/MuWRQHkIISZ2PxALf8bX1aUS68BAas1t7:ry8vZ2usFXS68TsT7

    Score: 10/10
    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: fccff8cb7a1067e23fd2e2b63971a8e1
    • SHA1: 30e2a9e137c1223a78a0f7b0bf96a1c361976d91
    • SHA256: 6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
    • SHA512: f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
    • SSDEEP: 192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score: 3/10

    • Target: p01ehv9wv.dll
    • Size: 22KB
    • MD5: 3f68de8284608c37fa2273f9fc8d9b19
    • SHA1: 7cf819fa8a6c2cf2e25811282445742ceba54a96
    • SHA256: 523ebe047debe82ad79dcc25215c32df1fd93353c00bab190567025a64fdc0c3
    • SHA512: 488310eea4ee067e25c9d9c2806db64ef79edef1e0030957ef899f360fac7420af0702878b6e85184c6c9ed992d2757142063308bc23ce134628cd8af116a4c3
    • SSDEEP: 384:WivX9tD/khowYtFqQeeXfoisqQeTAFFZYJq76BUE1dAxWYJIr+Y:WivXXCtYqQBvWZ/3uBUE1dAxWYJI6

    Score: 3/10
