General
Target: ccf9fd46a69a406c6a58f5159b329965_JaffaCakes118
Size: 556KB
Sample: 240831-rs1zdsyamk
MD5: ccf9fd46a69a406c6a58f5159b329965
SHA1: 3dac39eac3061e2e83d1a07bcdc7bd2a6c025662
SHA256: eb49b4f516251a86ef5d49ab634e25e7a1f88a1855cb46799081183048a844ee
SHA512: 6a9a0dffee79a6435281203f6ebf1e657242dc8a26116d3b21c26f8e58a9d7c967f4fc9d728ef1e72ce5c890a4d1b52d11e379cc8d8389cf4b502c59cd63dbd0
SSDEEP: 6144:dXGR7onTiRtFc4EhQfIytKzSzLjCUBkNG7NgY1MW2wiWQD9+Wjc:dg7oItFNfIyt3BuMNgY1M0iW/W
Static task: static1
Behavioral task: behavioral1
Sample: ccf9fd46a69a406c6a58f5159b329965_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: ccf9fd46a69a406c6a58f5159b329965_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: ccf9fd46a69a406c6a58f5159b329965_JaffaCakes118
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext