Overview

overview

10

Static

static

3

d4cea4f4a1...18.exe

windows7-x64

10

d4cea4f4a1...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d4cea4f4a1e918f767aee391b8a506c3_JaffaCakes118

  • Size

    832KB

  • Sample

    240908-t6k67syfqa

  • MD5

    d4cea4f4a1e918f767aee391b8a506c3

  • SHA1

    8723b64d84b6b3dac418c5bd1c53aae3bace7707

  • SHA256

    3c1cc66e23d1fec130e329ab2f07c454dc2f2a1d10647b296e65bc2e10448ab8

  • SHA512

    bd949f5e1fbcd41f38de8b8df356b78296e34ea180f8580c490ad3ca67183a664c1b77f0610fb204906c0a51ccc00e9fd6312636d51cbb6c52baeae8751f89ab

  • SSDEEP

    12288:SK2mhAMJ/cPl0wImAmbZQBzPDuHZWUNzkkHEqulmSBIQOCLsn2lwnlZwL0ZApuA2:T2O/GlPAmYSMU+kk9HOCLs2lQlZP69ih

Score
10/10
remcosdiscoverypersistencerat

Malware Config

Targets

    • Target

      d4cea4f4a1e918f767aee391b8a506c3_JaffaCakes118

    • Size

      832KB

    • MD5

      d4cea4f4a1e918f767aee391b8a506c3

    • SHA1

      8723b64d84b6b3dac418c5bd1c53aae3bace7707

    • SHA256

      3c1cc66e23d1fec130e329ab2f07c454dc2f2a1d10647b296e65bc2e10448ab8

    • SHA512

      bd949f5e1fbcd41f38de8b8df356b78296e34ea180f8580c490ad3ca67183a664c1b77f0610fb204906c0a51ccc00e9fd6312636d51cbb6c52baeae8751f89ab

    • SSDEEP

      12288:SK2mhAMJ/cPl0wImAmbZQBzPDuHZWUNzkkHEqulmSBIQOCLsn2lwnlZwL0ZApuA2:T2O/GlPAmYSMU+kk9HOCLs2lQlZP69ih

    Score
    10/10
    remcosdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks