General

  • Target

    cde8f4724ff63b6bbce1276f802dc086_JaffaCakes118

  • Size

    326KB

  • Sample

    240901-a8psmavglm

  • MD5

    cde8f4724ff63b6bbce1276f802dc086

  • SHA1

    367baa4718a4a67f4f4db886dd44b0f3455baf61

  • SHA256

    5b76e1cf59147f6b4c390dae52a7c3564940fdd3d169a25336a616057c7e5711

  • SHA512

    5454ae9144ad5f9bdb1f743d9f2b75ddd234f16aa4339344ad7e99947d010d918d019f06e37ab501af4f49dc71a1723f81bb6f6466d839385a9985cfb0e31675

  • SSDEEP

    6144:4TMdFc8MlldY3QWalREeD4yyfIVtAvH+V71lGVwykXCLGNVfNDs8UuD7QGTI:4h84Y3QWex4yygVtWedG6yknVfNDs8lk

Malware Config

Extracted

  • Family

    remcos

  • Version

    2.6.0 Pro

  • Botnet

    RemoteHost

  • C2

    79.134.225.12:60256

Attributes
  • audio_folder

    MicRecords

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    1

  • copy_file

    remcos.exe

  • copy_folder

    Remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    gate

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Remcos-IIRGSS

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    Remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

    wikipedia;solitaire;

Targets

    • Target

      DHLDELIVERYNOTIFICATIONPDF.exe

    • Size

      524KB

    • MD5

      669d64c3272ef39b87b0df6cf2972992

    • SHA1

      36d60c17ff65404b60b32ebe7aa368e1824071a0

    • SHA256

      667ac06930c81f8234a56babda66be893bc2b8b865aa1db910fa5b85429ff90d

    • SHA512

      61901446c9544eab70f44150d37dfca1106c22335763fc6846b9332bad39ee7700c106e250f866e55055444db72eb0905d0cfb336baee6a6d5da3e7c99d8f6c7

    • SSDEEP

      6144:+WMFb/Pv2zstE1gT91qqUfk9TNRs0LT5H7qwpz/LYzlrvLqCNLfSRHa:+BPv2zv1gZ1qDfk9h20LTl+EYJHSRHa

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks