General
-
Target
d1e4c268f8ec84bfdfd8f951d5a1c310_JaffaCakes118
-
Size
831KB
-
Sample
240907-n89ppatela
-
MD5
d1e4c268f8ec84bfdfd8f951d5a1c310
-
SHA1
b679289ea8c31113785d1f01ddbca7f687f789db
-
SHA256
1b706da8509f6b37ff99956cb162005095776bab1480f702e7fb7b7dff5d2137
-
SHA512
e7236bfec1966a3414c9baf8666c2fd82fccd519a899049f6a65d0b8f87bde43a92782a84d69be24d8ebc5e980e4aafd66538323ce33857c6eb357749220baa1
-
SSDEEP
24576:/2O/GlLNIcBZ4ouo26MZrOCLs2lQlZP69YX:knZmZHuri9A
Malware Config
Targets
-
-
Target
d1e4c268f8ec84bfdfd8f951d5a1c310_JaffaCakes118
-
Size
831KB
-
MD5
d1e4c268f8ec84bfdfd8f951d5a1c310
-
SHA1
b679289ea8c31113785d1f01ddbca7f687f789db
-
SHA256
1b706da8509f6b37ff99956cb162005095776bab1480f702e7fb7b7dff5d2137
-
SHA512
e7236bfec1966a3414c9baf8666c2fd82fccd519a899049f6a65d0b8f87bde43a92782a84d69be24d8ebc5e980e4aafd66538323ce33857c6eb357749220baa1
-
SSDEEP
24576:/2O/GlLNIcBZ4ouo26MZrOCLs2lQlZP69YX:knZmZHuri9A
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-