Overview

overview

10

Static

static

3

cba17390b5...18.exe

windows7-x64

10

cba17390b5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cba17390b59f3c9380e24455c440d3eb_JaffaCakes118

  • Size

    584KB

  • Sample

    240830-zhv96avhkn

  • MD5

    cba17390b59f3c9380e24455c440d3eb

  • SHA1

    f3544f292336cf0f6e3a6163ccfda6ae6ed442b6

  • SHA256

    3102123a62009a62e4a75da567d6b65abd2de23c739cba7486dff4337927fec4

  • SHA512

    b3a5084bc86b9640b68240e60b9328d3a4d09765720a44722e593c2b2763898dfa451e05854fe476b360e5889caaf58f42c941f78a1e9385b3e0b0d3752b8777

  • SSDEEP

    12288:2/XPRr7jlWuyfvHv4HOo9TfC/lIWrpcUx2gluSzTSqFQalf:2/5/U/fvgHOoNfCiWl7zuShQalf

Score
10/10
remcosdiscoverypersistencerat

Malware Config

Targets

    • Target

      cba17390b59f3c9380e24455c440d3eb_JaffaCakes118

    • Size

      584KB

    • MD5

      cba17390b59f3c9380e24455c440d3eb

    • SHA1

      f3544f292336cf0f6e3a6163ccfda6ae6ed442b6

    • SHA256

      3102123a62009a62e4a75da567d6b65abd2de23c739cba7486dff4337927fec4

    • SHA512

      b3a5084bc86b9640b68240e60b9328d3a4d09765720a44722e593c2b2763898dfa451e05854fe476b360e5889caaf58f42c941f78a1e9385b3e0b0d3752b8777

    • SSDEEP

      12288:2/XPRr7jlWuyfvHv4HOo9TfC/lIWrpcUx2gluSzTSqFQalf:2/5/U/fvgHOoNfCiWl7zuShQalf

    Score
    10/10
    remcosdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks