General

  • Target: e1719ee53cad171914f93ac0fe8b4fa2_JaffaCakes118
  • Size: 186KB
  • Sample: 240915-by7q5ayfjh
  • MD5: e1719ee53cad171914f93ac0fe8b4fa2
  • SHA1: e54a178ba5fa279a9e3e863d227ca812212165dd
  • SHA256: a766332dd4b26a623e341d03845c394209dedc3557d7bbb3c6a2edeeb9eadbeb
  • SHA512: e8f5eb916c75e4d7d1dc2002e68196d50ca7ac725732573a321e42f454929dde355eb8b43af06b0471d8009511c9ac4101302ac246c967898c2cd4a385c46908
  • SSDEEP: 3072:BpVHfZQmr9E38gcCgoQZZw6RyP6dpVDYokEv3bbZC1xNfLG:Bp2ACzQfw6yspFYokEv3bbqxNz

Malware Config

Extracted

Family: remcos
Version: 2.0.5 Pro
Botnet: RemoteHost
C2: 79.172.242.28:2404

Attributes
  • audio_folder: audio
  • audio_path: %AppData%
  • audio_record_time: 5
  • connect_delay: 0
  • connect_interval: 5
  • copy_file: remcos.exe
  • copy_folder: remcos
  • delete_file: false
  • hide_file: false
  • hide_keylog_file: false
  • install_flag: false
  • install_path: %AppData%
  • keylog_crypt: false
  • keylog_file: logs.dat
  • keylog_flag: false
  • keylog_folder: remcos
  • keylog_path: %AppData%
  • mouse_option: false
  • mutex: Remcos-NPFNIR
  • screenshot_crypt: false
  • screenshot_flag: false
  • screenshot_folder: Screenshots
  • screenshot_path: %AppData%
  • screenshot_time: 10
  • startup_value: remcos
  • take_screenshot_option: false
  • take_screenshot_time: 5

Targets

    • Remcos: Remcos is closed-source remote control and surveillance software.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
