General
-
Target
e1719ee53cad171914f93ac0fe8b4fa2_JaffaCakes118
-
Size
186KB
-
Sample
240915-by7q5ayfjh
-
MD5
e1719ee53cad171914f93ac0fe8b4fa2
-
SHA1
e54a178ba5fa279a9e3e863d227ca812212165dd
-
SHA256
a766332dd4b26a623e341d03845c394209dedc3557d7bbb3c6a2edeeb9eadbeb
-
SHA512
e8f5eb916c75e4d7d1dc2002e68196d50ca7ac725732573a321e42f454929dde355eb8b43af06b0471d8009511c9ac4101302ac246c967898c2cd4a385c46908
-
SSDEEP
3072:BpVHfZQmr9E38gcCgoQZZw6RyP6dpVDYokEv3bbZC1xNfLG:Bp2ACzQfw6yspFYokEv3bbqxNz
Static task
static1
Behavioral task
behavioral1
Sample
e1719ee53cad171914f93ac0fe8b4fa2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e1719ee53cad171914f93ac0fe8b4fa2_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
remcos
2.0.5 Pro
RemoteHost
79.172.242.28:2404
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
Remcos-NPFNIR
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Targets
-
-
Target
e1719ee53cad171914f93ac0fe8b4fa2_JaffaCakes118
-
Size
186KB
-
MD5
e1719ee53cad171914f93ac0fe8b4fa2
-
SHA1
e54a178ba5fa279a9e3e863d227ca812212165dd
-
SHA256
a766332dd4b26a623e341d03845c394209dedc3557d7bbb3c6a2edeeb9eadbeb
-
SHA512
e8f5eb916c75e4d7d1dc2002e68196d50ca7ac725732573a321e42f454929dde355eb8b43af06b0471d8009511c9ac4101302ac246c967898c2cd4a385c46908
-
SSDEEP
3072:BpVHfZQmr9E38gcCgoQZZw6RyP6dpVDYokEv3bbZC1xNfLG:Bp2ACzQfw6yspFYokEv3bbqxNz
Score10/10-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-