Overview

overview

10

Static

static

3

e7ec6ce304...18.exe

windows7-x64

10

e7ec6ce304...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e7ec6ce304692376c197e160391a3976_JaffaCakes118

  • Size

    831KB

  • Sample

    240917-3qsqsa1dnh

  • MD5

    e7ec6ce304692376c197e160391a3976

  • SHA1

    06f0087345519cd758df961b92b2db60ee6cf576

  • SHA256

    6dd1ac3323dd26acba0e07e45f302deb1be4cc317441e0a2134a9865bc0b8776

  • SHA512

    03046f1ab7f5cc91b91083963338d1c1e61ec6f1701ea2aa9734e7a3fe787a0c60f823376ba45c72e96ebe821e5997944ddb1ae02cbe5cb90f3153d70eee9db2

  • SSDEEP

    12288:iK2mhAMJ/cPlWwImnYo8Sh+Ehv/E95WIptpKDWIQOCLsn2lwnlZwL0ZApuA3bDt4:D2O/GllnY5qpv/ETpJOCLs2lQlZP694

Score
10/10
remcosdiscoverypersistencerat

Malware Config

Targets

    • Target

      e7ec6ce304692376c197e160391a3976_JaffaCakes118

    • Size

      831KB

    • MD5

      e7ec6ce304692376c197e160391a3976

    • SHA1

      06f0087345519cd758df961b92b2db60ee6cf576

    • SHA256

      6dd1ac3323dd26acba0e07e45f302deb1be4cc317441e0a2134a9865bc0b8776

    • SHA512

      03046f1ab7f5cc91b91083963338d1c1e61ec6f1701ea2aa9734e7a3fe787a0c60f823376ba45c72e96ebe821e5997944ddb1ae02cbe5cb90f3153d70eee9db2

    • SSDEEP

      12288:iK2mhAMJ/cPlWwImnYo8Sh+Ehv/E95WIptpKDWIQOCLsn2lwnlZwL0ZApuA3bDt4:D2O/GllnY5qpv/ETpJOCLs2lQlZP694

    Score
    10/10
    remcosdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks