General
Target: cd748ade3eff33111ca21fb55affdff7_JaffaCakes118
Size: 830KB
Sample: 240831-x8f7ta1enj
MD5: cd748ade3eff33111ca21fb55affdff7
SHA1: c3e27733fe98e935ac64069095fd665b27fd53d0
SHA256: 3359753006097912e587ebde35140efeee739514850ddc62f8bc232afb504a06
SHA512: 93c379a71d131d4a00215eb1e504e52f53dca88668ff63cd14f183e470f6cb2e816795011ccc4f2c1d27992d9ef829fdf9ed211b6d53950ae8f5b2d691d24f36
SSDEEP: 24576:f2O/GlFjmOFuZMABoXrOCLs2lQlZP69CK:ui/loXuri9z
Static task: static1
Behavioral task: behavioral1
Sample: cd748ade3eff33111ca21fb55affdff7_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: cd748ade3eff33111ca21fb55affdff7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: cd748ade3eff33111ca21fb55affdff7_JaffaCakes118
Score: 10/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext