Overview

overview

10

Static

static

3

d3f6e29489...18.exe

windows7-x64

10

d3f6e29489...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d3f6e294897bbe707073b6711a7ed10a_JaffaCakes118

  • Size

    188KB

  • Sample

    240908-kjypcaydjg

  • MD5

    d3f6e294897bbe707073b6711a7ed10a

  • SHA1

    641346b45971698f552edacccc0f5c8029605fc7

  • SHA256

    53c5366e9c8e85bf7c05fef9fd7a568c29f1873d240c66d1e1c09674f74a2441

  • SHA512

    4e81a3552909e9ea15e4e49de3625a12312dd018c09bac6110d1687f801937898c44aec86e788cabaf7d4cc76218c1f556f4a4ea5ef3014eec41a112677a05b1

  • SSDEEP

    3072:/pchaupnL19s4gk5aDITxNC7fww+OCH9ABON5Cb5X6Rx:mbn7MITxBFndABEkbR6

Score
10/10
remcosdiscoverypersistencerat

Malware Config

Targets

    • Target

      d3f6e294897bbe707073b6711a7ed10a_JaffaCakes118

    • Size

      188KB

    • MD5

      d3f6e294897bbe707073b6711a7ed10a

    • SHA1

      641346b45971698f552edacccc0f5c8029605fc7

    • SHA256

      53c5366e9c8e85bf7c05fef9fd7a568c29f1873d240c66d1e1c09674f74a2441

    • SHA512

      4e81a3552909e9ea15e4e49de3625a12312dd018c09bac6110d1687f801937898c44aec86e788cabaf7d4cc76218c1f556f4a4ea5ef3014eec41a112677a05b1

    • SSDEEP

      3072:/pchaupnL19s4gk5aDITxNC7fww+OCH9ABON5Cb5X6Rx:mbn7MITxBFndABEkbR6

    Score
    10/10
    remcosdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks