General

Target: 6c73ccccd8582202a4f1152b69850b72_JaffaCakes118
Size: 447KB
Sample: 240724-xrtrksvglg
MD5: 6c73ccccd8582202a4f1152b69850b72
SHA1: 3974317a9fe77ec2cf202547cc8f7c5ff1df3573
SHA256: 8936445f70094fbb59a2a29e1503838ad372674f2f50731137e6f5690aab5848
SHA512: 324d32547423c6cb3424ddc945d72c92ffa6ea613a4f64f100b74ef64e2346ac902c69035a5ecebd048caa4592739a477b93debffd11c2987b5d14f214308bee
SSDEEP: 12288:n1zsVTyFFhoPn9Rx5CmrwNWw+4b19WfTtcLSTUkKCCJRNX9zo:n1zsVTyFa2ogWz61MfTuYxvuv5
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 6c73ccccd8582202a4f1152b69850b72_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 6c73ccccd8582202a4f1152b69850b72_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted: remcos 3.0.2 Pro

RemoteHost: 91.241.19.107:1313
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: false
install_flag: false
install_path: %AppData%
keylog_crypt: false
keylog_file: logs.dat
keylog_flag: false
keylog_folder: remcos
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-J2M0Y6
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: wikipedia;solitaire;

Note: every capability flag in this build (install_flag, keylog_flag, screenshot_flag, take_screenshot_option, mouse_option) is false. What is actually configured is the C2 endpoint 91.241.19.107:1313 with no connect delay and a one-unit reconnect interval, the mutex Remcos-J2M0Y6, and the paths and file names the RAT would use if an operator later enabled installation (%AppData%\Remcos\remcos.exe, Run-value name "Remcos"), keylogging (%AppData%\remcos\logs.dat), screenshots (%AppData%\Screenshots, triggered by window titles containing "wikipedia" or "solitaire") or microphone capture (%AppData%\MicRecords).
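The decoded config above is only useful to a responder once it is turned into things to hunt for, and only some of its fields are live in this build. The script below is an added example written for this page; it is not part of the sandbox report or of any Remcos tooling. It consumes the key/value pairs exactly as shown above (it does not parse Remcos's raw settings blob), derives the C2 endpoint, the enabled capabilities and the host artifacts, and tags each artifact with the config flag that gates it so the "hunt now" set (here: just the mutex) is kept separate from the "hunt if the operator flips a flag" set. The reading of copy_folder/copy_file/startup_value as the persistence copy and Run-value name is the author's interpretation and is marked as an assumption in the code.

```python
"""Triage helper for a decoded Remcos configuration (added example, not report code).

Works on the decoded key/value pairs shown in this report, not on Remcos's
encrypted settings blob. CONFIG is transcribed from the "Malware Config" section.
"""
import ipaddress
import ntpath

# Transcribed from this report's extracted Remcos 3.0.2 Pro configuration.
CONFIG = {
    "RemoteHost": "91.241.19.107:1313",
    "audio_folder": "MicRecords", "audio_path": "%AppData%", "audio_record_time": "5",
    "connect_delay": "0", "connect_interval": "1",
    "copy_file": "remcos.exe", "copy_folder": "Remcos",
    "delete_file": "false", "hide_file": "false", "hide_keylog_file": "false",
    "install_flag": "false", "install_path": "%AppData%",
    "keylog_crypt": "false", "keylog_file": "logs.dat", "keylog_flag": "false",
    "keylog_folder": "remcos", "keylog_path": "%AppData%",
    "mouse_option": "false", "mutex": "Remcos-J2M0Y6",
    "screenshot_crypt": "false", "screenshot_flag": "false",
    "screenshot_folder": "Screenshots", "screenshot_path": "%AppData%", "screenshot_time": "10",
    "startup_value": "Remcos",
    "take_screenshot_option": "false", "take_screenshot_time": "5",
    "take_screenshot_title": "wikipedia;solitaire;",
}


def to_bool(value):
    """Config flags are serialised as the strings 'true' / 'false'."""
    return str(value).strip().lower() == "true"


def parse_c2(remote_host):
    """Split a 'host:port' RemoteHost value into (host, port, is_ip).

    rpartition keeps the trailing port even if the host part contains colons.
    Raises ValueError when there is no port or the port is out of range.
    """
    host, sep, port_str = remote_host.strip().rpartition(":")
    if not sep or not port_str.isdigit():
        raise ValueError(f"RemoteHost not in host:port form: {remote_host!r}")
    port = int(port_str)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    try:
        ipaddress.ip_address(host.strip("[]"))
        is_ip = True
    except ValueError:
        is_ip = False          # a hostname: resolve it separately, do not block on it blindly
    return host, port, is_ip


def screenshot_triggers(config):
    """Window-title substrings that trigger a screenshot; ';'-separated, may end with ';'."""
    raw = config.get("take_screenshot_title", "")
    return [t for t in (s.strip() for s in raw.split(";")) if t]


def capabilities(config):
    """Optional behaviours this build has switched on."""
    return {
        "persistence": to_bool(config["install_flag"]),
        "keylogger": to_bool(config["keylog_flag"]),
        "timed_screenshots": to_bool(config["screenshot_flag"]),
        "title_triggered_screenshots": to_bool(config["take_screenshot_option"]),
        "mouse_events": to_bool(config["mouse_option"]),
    }


def host_artifacts(config):
    """Host indicators, each tagged with the flag that gates it.

    'active' is True when the gating flag is set, False when it is not, and
    None when the config has no enable flag for that artifact. ntpath is used
    because these are Windows paths, whatever OS the analyst runs this on.
    """
    caps = capabilities(config)
    j = ntpath.join
    return [
        {"name": "mutex", "kind": "mutex", "value": config["mutex"], "active": True, "gate": None},
        # Assumption: the persistence copy lands at install_path\copy_folder\copy_file
        # and startup_value is the Run-key value name used once install_flag is set.
        {"name": "install_copy", "kind": "file",
         "value": j(config["install_path"], config["copy_folder"], config["copy_file"]),
         "active": caps["persistence"], "gate": "install_flag"},
        {"name": "run_key_value", "kind": "registry_value", "value": config["startup_value"],
         "active": caps["persistence"], "gate": "install_flag"},
        {"name": "keylog_file", "kind": "file",
         "value": j(config["keylog_path"], config["keylog_folder"], config["keylog_file"]),
         "active": caps["keylogger"], "gate": "keylog_flag"},
        {"name": "screenshot_dir", "kind": "directory",
         "value": j(config["screenshot_path"], config["screenshot_folder"]),
         "active": caps["timed_screenshots"] or caps["title_triggered_screenshots"],
         "gate": "screenshot_flag|take_screenshot_option"},
        {"name": "audio_dir", "kind": "directory",
         "value": j(config["audio_path"], config["audio_folder"]), "active": None, "gate": None},
    ]


def summary(config):
    """Everything a responder needs from the config in one structure."""
    host, port, is_ip = parse_c2(config["RemoteHost"])
    arts = host_artifacts(config)
    return {
        "c2": {"host": host, "port": port, "is_ip": is_ip,
               "connect_delay": int(config["connect_delay"]),
               "connect_interval": int(config["connect_interval"])},
        "capabilities": capabilities(config),
        "screenshot_triggers": screenshot_triggers(config),
        "hunt_now": [a for a in arts if a["active"]],
        "hunt_if_enabled_later": [a for a in arts if not a["active"]],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summary(CONFIG), indent=2))
```

Run it as-is to get a JSON summary for this sample; point CONFIG at another decoded Remcos config to reuse it. The split between hunt_now and hunt_if_enabled_later matters in practice: with install_flag false there is no persistence copy or Run value to find on disk, so a hunt that keys on %AppData%\Remcos\remcos.exe will miss this build, while the mutex and the outbound connection to 91.241.19.107:1313 are present on every run.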
Targets

Target: 6c73ccccd8582202a4f1152b69850b72_JaffaCakes118 (447KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
  Suspicious use of SetThreadContext: the sample rewrites a thread's context (instruction pointer and registers), the step process hollowing and similar injection techniques use to redirect a thread into payload code written into another process. Together with the extracted Remcos configuration this is what drives the 10/10 score.