General
-
Target
604199cbc88628d6d93fe507f23ac2d0_JaffaCakes118
-
Size
242KB
-
Sample
240720-2jm2aazfrn
-
MD5
604199cbc88628d6d93fe507f23ac2d0
-
SHA1
687bc0278c38a6b9ca71a3defce92a370296c542
-
SHA256
f62ca03ce9a80ac13bce5c2854a3efbf8bcb9f38cd2bf0dce8209af516b2338f
-
SHA512
4d34c4d83b05eec3498b8035138614a76714579276f4f221a325c37dc2eae5daa9c061c11abe6ced91f8acc2859b8d1e7d0f2afa5606f4557631814a3426f769
-
SSDEEP
6144:1x/MuWRQHkIISZ2PxALf8bX1aUS68BAas1t7:ry8vZ2usFXS68TsT7
Static task
static1
Behavioral task
behavioral1
Sample
604199cbc88628d6d93fe507f23ac2d0_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
604199cbc88628d6d93fe507f23ac2d0_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
p01ehv9wv.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
p01ehv9wv.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
remcos
2.7.2 Pro
MONEY-LOGS
103.153.76.111:2667
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
EXCEL.exe
-
copy_folder
EXCEL
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
EXCEL
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
EXCEL-T1QMJO
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
EXCEL
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
604199cbc88628d6d93fe507f23ac2d0_JaffaCakes118
-
Size
242KB
-
MD5
604199cbc88628d6d93fe507f23ac2d0
-
SHA1
687bc0278c38a6b9ca71a3defce92a370296c542
-
SHA256
f62ca03ce9a80ac13bce5c2854a3efbf8bcb9f38cd2bf0dce8209af516b2338f
-
SHA512
4d34c4d83b05eec3498b8035138614a76714579276f4f221a325c37dc2eae5daa9c061c11abe6ced91f8acc2859b8d1e7d0f2afa5606f4557631814a3426f769
-
SSDEEP
6144:1x/MuWRQHkIISZ2PxALf8bX1aUS68BAas1t7:ry8vZ2usFXS68TsT7
Score10/10-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
fccff8cb7a1067e23fd2e2b63971a8e1
-
SHA1
30e2a9e137c1223a78a0f7b0bf96a1c361976d91
-
SHA256
6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
-
SHA512
f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
-
SSDEEP
192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score3/10 -
-
-
Target
p01ehv9wv.dll
-
Size
22KB
-
MD5
3f68de8284608c37fa2273f9fc8d9b19
-
SHA1
7cf819fa8a6c2cf2e25811282445742ceba54a96
-
SHA256
523ebe047debe82ad79dcc25215c32df1fd93353c00bab190567025a64fdc0c3
-
SHA512
488310eea4ee067e25c9d9c2806db64ef79edef1e0030957ef899f360fac7420af0702878b6e85184c6c9ed992d2757142063308bc23ce134628cd8af116a4c3
-
SSDEEP
384:WivX9tD/khowYtFqQeeXfoisqQeTAFFZYJq76BUE1dAxWYJIr+Y:WivXXCtYqQBvWZ/3uBUE1dAxWYJI6
Score3/10 -