General
-
Target
d28f5e69950f64cac9e022fad2171b26_JaffaCakes118
-
Size
196KB
-
Sample
240907-wyqstszdlc
-
MD5
d28f5e69950f64cac9e022fad2171b26
-
SHA1
bf578f1b87c9826ffca611a58fa831b2e8732bb9
-
SHA256
2fad5192692c080dd477ed2ba9b36585fe6b59dc3467232b172ed5f959c90b65
-
SHA512
d2b420a7351356430ce4712e74c27fc1f8bf3fc592395240cd606233500b50689dcb1c7b5d8399ba4f126ab5b0eaa7f6174ef0c622161c430eb466383faa967e
-
SSDEEP
6144:+f80VIoP6JGZdcYfeb74ePLOza8o2VHf:+fXVrYGbneb8sO2lKf
Malware Config
Targets
-
-
Target
d28f5e69950f64cac9e022fad2171b26_JaffaCakes118
-
Size
196KB
-
MD5
d28f5e69950f64cac9e022fad2171b26
-
SHA1
bf578f1b87c9826ffca611a58fa831b2e8732bb9
-
SHA256
2fad5192692c080dd477ed2ba9b36585fe6b59dc3467232b172ed5f959c90b65
-
SHA512
d2b420a7351356430ce4712e74c27fc1f8bf3fc592395240cd606233500b50689dcb1c7b5d8399ba4f126ab5b0eaa7f6174ef0c622161c430eb466383faa967e
-
SSDEEP
6144:+f80VIoP6JGZdcYfeb74ePLOza8o2VHf:+fXVrYGbneb8sO2lKf
Score10/10-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1