Overview

overview

10

Static

static

3

d087f8dd1e...18.exe

windows7-x64

10

d087f8dd1e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d087f8dd1e7e70b3ffbd788caf011d2e_JaffaCakes118

  • Size

    216KB

  • Sample

    240906-1vv1lazejj

  • MD5

    d087f8dd1e7e70b3ffbd788caf011d2e

  • SHA1

    f0877184e79cb28125506f924e621161daaa17ba

  • SHA256

    2003cb7cc8d8262b7975fcf9a2a9eb2b1aa7de32a5baffd2383ec4c251316ec9

  • SHA512

    a3f51b4a77f73ddc38b46a32dc0c10ea0ac485adae41a03f239f8ce90b5164020ff7f3709637c06e329a6e3513d0c745c8851b2e323a2d8abf8eb7fffe8261eb

  • SSDEEP

    3072:wzOZ5jj/J/c65GYLBV4IBPm5Ihwv/Idf8HRS6c6yhBzS3MHpQx9XEHMt:3Z5jj9c6ZFXPm5h3IdfyR1WBzSNW

Score
10/10
remcosdiscoverypersistencerat

Malware Config

Targets

    • Target

      d087f8dd1e7e70b3ffbd788caf011d2e_JaffaCakes118

    • Size

      216KB

    • MD5

      d087f8dd1e7e70b3ffbd788caf011d2e

    • SHA1

      f0877184e79cb28125506f924e621161daaa17ba

    • SHA256

      2003cb7cc8d8262b7975fcf9a2a9eb2b1aa7de32a5baffd2383ec4c251316ec9

    • SHA512

      a3f51b4a77f73ddc38b46a32dc0c10ea0ac485adae41a03f239f8ce90b5164020ff7f3709637c06e329a6e3513d0c745c8851b2e323a2d8abf8eb7fffe8261eb

    • SSDEEP

      3072:wzOZ5jj/J/c65GYLBV4IBPm5Ihwv/Idf8HRS6c6yhBzS3MHpQx9XEHMt:3Z5jj9c6ZFXPm5h3IdfyR1WBzSNW

    Score
    10/10
    remcosdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks