General
Target: bfe6f45d125d09126328a3937c50a47c_JaffaCakes118
Size: 833KB
Sample: 240825-cyqchsthml
MD5: bfe6f45d125d09126328a3937c50a47c
SHA1: 185fa6d753189f3b1e0a9e3be9f1903c8bc26c51
SHA256: b4b898c7342a0a1cc948c2fd7a19f8f96d1958623ee2be73b65cec5cd356b96f
SHA512: c40bfbc2dea6ac0a03a4d8f9b023e73d5e276a557c1253c40b4b11e9c4755ff8cd35fc17543bb4f7f76ddec49b1b06f6eda9add6502acaf0d4aac6b4fed250ea
SSDEEP: 24576:f2O/GlbHLPicTuKDVjfryOCLs2lQlZP695M5:6enIrmuri954
Static task: static1
Behavioral task: behavioral1
  Sample: bfe6f45d125d09126328a3937c50a47c_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: bfe6f45d125d09126328a3937c50a47c_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: bfe6f45d125d09126328a3937c50a47c_JaffaCakes118
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check (the sample may behave differently, or not at all, depending on the locale it finds).
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (user-level persistence via a Run key; mapped below to Registry Run Keys / Startup Folder)
- Suspicious use of SetThreadContext (a common step in process hollowing and thread-hijacking injection)
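The two registry-based signatures above can be replayed by hand against a process-monitor trace when re-running the sample locally. The following is an added triage example, not code from the sandbox or from this report: it assumes "Adds Run key to start application" keys on a RegSetValue under ...\CurrentVersion\Run or RunOnce, and "Checks computer location settings" keys on a RegQueryValue of Control Panel\International\Geo\Nation (both are the editor's assumptions about what the signatures trigger on); the ProcMon-style CSV trace, process names, PIDs and values are all constructed for the example.

```python
"""Added triage example: replay two of the report's registry-based signatures
("Adds Run key to start application", "Checks computer location settings")
over a ProcMon-style CSV trace. The trace is constructed, and the registry paths
the rules key on are an assumption, not something taken from the report."""
import csv
import io
import re
from typing import Dict, List

# Constructed ProcMon-style trace (process names, PIDs, paths and values are invented).
# GeoID 244 under Control Panel\International\Geo\Nation is the United States.
SAMPLE_TRACE = """\
Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:00:01.0001,sample.exe,1234,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS,"Type: REG_SZ, Length: 8, Data: 244"
10:00:01.0002,sample.exe,1234,RegSetValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdate,SUCCESS,"Type: REG_SZ, Length: 90, Data: C:\\Users\\user\\AppData\\Roaming\\svc.exe"
10:00:01.0003,explorer.exe,800,RegSetValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs,SUCCESS,"Type: REG_DWORD, Length: 4, Data: 1"
10:00:01.0004,svc.exe,2222,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS,"Type: REG_SZ, Length: 8, Data: 244"
"""

# (signature name as printed in the report, ProcMon operations that count, path pattern).
# The paths are an assumption about what the sandbox signatures trigger on.
RULES = [
    ("Adds Run key to start application",
     {"RegSetValue"},
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)),
    ("Checks computer location settings",
     {"RegQueryValue"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
]

_DATA_RE = re.compile(r"Data: (.*)$")


def _value_data(detail: str) -> str:
    """Pull the 'Data: ...' payload out of a ProcMon Detail column ('' if absent)."""
    m = _DATA_RE.search(detail)
    return m.group(1) if m else ""


def triage(trace: str) -> List[Dict[str, str]]:
    """Return one hit per (event, rule) match, in trace order."""
    hits: List[Dict[str, str]] = []
    for row in csv.DictReader(io.StringIO(trace)):
        for name, ops, pattern in RULES:
            if row["Operation"] in ops and pattern.search(row["Path"]):
                hits.append({
                    "signature": name,
                    "process": row["Process Name"],
                    "pid": row["PID"],
                    "path": row["Path"],
                    "data": _value_data(row["Detail"]),  # GeoID or the Run-key command line
                })
    return hits


def summarize(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each signature to the sorted, de-duplicated processes that triggered it."""
    out: Dict[str, set] = {}
    for h in hits:
        out.setdefault(h["signature"], set()).add(h["process"])
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for h in triage(SAMPLE_TRACE):
        print(f'{h["signature"]}: {h["process"]} ({h["pid"]}) {h["path"]} -> {h["data"]}')
```

On a real run, export the ProcMon capture as CSV (File > Save, CSV format) and pass the file contents to triage(). The "data" field is what makes the geofence hit actionable: it records which GeoID the sample read, so a second run with a different locale can confirm whether the sample actually branches on it, and for the Run-key hit it records the persisted command line, which should point back at the dropped EXE named by the "Executes dropped EXE" signature.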
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)