Overview

overview

10

Static

static

3

e39631fe80...18.exe

windows7-x64

10

e39631fe80...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e39631fe80afbb62dab1b3c7302f8dba_JaffaCakes118

  • Size

    344KB

  • Sample

    240915-3hrthsydnm

  • MD5

    e39631fe80afbb62dab1b3c7302f8dba

  • SHA1

    a018136af1c0f58633e759b78417b134d1e86725

  • SHA256

    a9ff9a41326c279855caea185b0582337a3fa43141fa0438e14517012f42485a

  • SHA512

    4c23d042c36237e0f561c9588de3484c146f39ea03adcad59f5b144165e513798c3604e43d09ac8251da078ba39d68c065d16056b8d72dd2a88a49e22f65b783

  • SSDEEP

    3072:niyYjwU6pDpp6c/DPZauWGo8LqZArxcjXAvZ4TokBsAmec7GAC////////zhHM:lY6Uc7g8LdtYCs/1Zc7G3

Score
10/10
remcosdiscoverypersistencerat

Malware Config

Targets

    • Target

      e39631fe80afbb62dab1b3c7302f8dba_JaffaCakes118

    • Size

      344KB

    • MD5

      e39631fe80afbb62dab1b3c7302f8dba

    • SHA1

      a018136af1c0f58633e759b78417b134d1e86725

    • SHA256

      a9ff9a41326c279855caea185b0582337a3fa43141fa0438e14517012f42485a

    • SHA512

      4c23d042c36237e0f561c9588de3484c146f39ea03adcad59f5b144165e513798c3604e43d09ac8251da078ba39d68c065d16056b8d72dd2a88a49e22f65b783

    • SSDEEP

      3072:niyYjwU6pDpp6c/DPZauWGo8LqZArxcjXAvZ4TokBsAmec7GAC////////zhHM:lY6Uc7g8LdtYCs/1Zc7G3

    Score
    10/10
    remcosdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks