Overview

overview

10

Static

static

3

cbd453d3cc...18.exe

windows7-x64

10

cbd453d3cc...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cbd453d3cca0a21f19e5d2f1b2f2cdd5_JaffaCakes118

  • Size

    556KB

  • Sample

    240830-2yphna1hlk

  • MD5

    cbd453d3cca0a21f19e5d2f1b2f2cdd5

  • SHA1

    b5b2d7139500f1a45c9e85e7a278d59ab0e6dac4

  • SHA256

    0bec16111e2199d4f62882cd59c2e3868b5c7539e64f5f3fb16dde94e2b4292e

  • SHA512

    7ede9637c2fdb3640bdd2fb7bc81e7ba96b85dd6154ba68e4ff45469d9597bcca9ff76765ef16f28782d5ee50168a9323082a3d05b5fcb1ece4fe21e4f0eb66e

  • SSDEEP

    6144:D3zSXlx+8X8zqLoDpNAZF6HdygYEuH0u4N51cz/XtD/yld9K753:jWXTZsuMDpKT68gYEuUp50try1K7F

Score
10/10
remcosdiscoverypersistencerat

Malware Config

Targets

    • Target

      cbd453d3cca0a21f19e5d2f1b2f2cdd5_JaffaCakes118

    • Size

      556KB

    • MD5

      cbd453d3cca0a21f19e5d2f1b2f2cdd5

    • SHA1

      b5b2d7139500f1a45c9e85e7a278d59ab0e6dac4

    • SHA256

      0bec16111e2199d4f62882cd59c2e3868b5c7539e64f5f3fb16dde94e2b4292e

    • SHA512

      7ede9637c2fdb3640bdd2fb7bc81e7ba96b85dd6154ba68e4ff45469d9597bcca9ff76765ef16f28782d5ee50168a9323082a3d05b5fcb1ece4fe21e4f0eb66e

    • SSDEEP

      6144:D3zSXlx+8X8zqLoDpNAZF6HdygYEuH0u4N51cz/XtD/yld9K753:jWXTZsuMDpKT68gYEuUp50try1K7F

    Score
    10/10
    remcosdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks