General

Target: cde8f4724ff63b6bbce1276f802dc086_JaffaCakes118
Size: 326KB
Sample: 240901-a8psmavglm
MD5: cde8f4724ff63b6bbce1276f802dc086
SHA1: 367baa4718a4a67f4f4db886dd44b0f3455baf61
SHA256: 5b76e1cf59147f6b4c390dae52a7c3564940fdd3d169a25336a616057c7e5711
SHA512: 5454ae9144ad5f9bdb1f743d9f2b75ddd234f16aa4339344ad7e99947d010d918d019f06e37ab501af4f49dc71a1723f81bb6f6466d839385a9985cfb0e31675
SSDEEP: 6144:4TMdFc8MlldY3QWalREeD4yyfIVtAvH+V71lGVwykXCLGNVfNDs8UuD7QGTI:4h84Y3QWex4yygVtWedG6yknVfNDs8lk

Static task: static1

Behavioral task: behavioral1
Sample: DHLDELIVERYNOTIFICATIONPDF.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: DHLDELIVERYNOTIFICATIONPDF.exe
Resource: win10v2004-20240802-en

Malware Config

Extracted: remcos 2.6.0 Pro
RemoteHost: 79.134.225.12:60256
audio_folder: MicRecords
audio_path: %AppData%
audio_record_time: 5
connect_delay: 0
connect_interval: 1
copy_file: remcos.exe
copy_folder: Remcos
delete_file: false
hide_file: false
hide_keylog_file: true
install_flag: false
install_path: %AppData%
keylog_crypt: true
keylog_file: logs.dat
keylog_flag: false
keylog_folder: gate
keylog_path: %AppData%
mouse_option: false
mutex: Remcos-IIRGSS
screenshot_crypt: false
screenshot_flag: false
screenshot_folder: Screenshots
screenshot_path: %AppData%
screenshot_time: 10
startup_value: Remcos
take_screenshot_option: false
take_screenshot_time: 5
take_screenshot_title: wikipedia;solitaire;

Targets

Target: DHLDELIVERYNOTIFICATIONPDF.exe
Size: 524KB
MD5: 669d64c3272ef39b87b0df6cf2972992
SHA1: 36d60c17ff65404b60b32ebe7aa368e1824071a0
SHA256: 667ac06930c81f8234a56babda66be893bc2b8b865aa1db910fa5b85429ff90d
SHA512: 61901446c9544eab70f44150d37dfca1106c22335763fc6846b9332bad39ee7700c106e250f866e55055444db72eb0905d0cfb336baee6a6d5da3e7c99d8f6c7
SSDEEP: 6144:+WMFb/Pv2zstE1gT91qqUfk9TNRs0LT5H7qwpz/LYzlrvLqCNLfSRHa:+BPv2zv1gZ1qDfk9h20LTl+EYJHSRHa
Score: 10/10
Suspicious use of SetThreadContext