Overview

overview

10

Static

static

3

ef3967ac28...18.exe

windows7-x64

10

ef3967ac28...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef3967ac2859ead45eec9cd5e8c39e3e_JaffaCakes118

  • Size

    544KB

  • Sample

    240921-g46znsyfll

  • MD5

    ef3967ac2859ead45eec9cd5e8c39e3e

  • SHA1

    1051ab4b858f3350228954305bea2fbc1db3e210

  • SHA256

    cee279204b9fc45dae530e1a4276ec6475d258e6e788e7c902fd066c5ec4cad0

  • SHA512

    284ce92f4acb1131fed3627986c3849bdd280c372d6dc087cccec38e8ab909de17b5be454513b5cb2e3ee8129acbe345115c42e7e3e1e659f8b02e236eafd5b2

  • SSDEEP

    6144:mKlaXKNcgCtFP/S0Tl2LzkMTPLNtN6efcZLh+yQTfrgK37T35bCvgm7:a6NcPF/ScEkcNrfct0970uT35

Score
10/10
remcosdiscoverypersistencerat

Malware Config

Targets

    • Target

      ef3967ac2859ead45eec9cd5e8c39e3e_JaffaCakes118

    • Size

      544KB

    • MD5

      ef3967ac2859ead45eec9cd5e8c39e3e

    • SHA1

      1051ab4b858f3350228954305bea2fbc1db3e210

    • SHA256

      cee279204b9fc45dae530e1a4276ec6475d258e6e788e7c902fd066c5ec4cad0

    • SHA512

      284ce92f4acb1131fed3627986c3849bdd280c372d6dc087cccec38e8ab909de17b5be454513b5cb2e3ee8129acbe345115c42e7e3e1e659f8b02e236eafd5b2

    • SSDEEP

      6144:mKlaXKNcgCtFP/S0Tl2LzkMTPLNtN6efcZLh+yQTfrgK37T35bCvgm7:a6NcPF/ScEkcNrfct0970uT35

    Score
    10/10
    remcosdiscoverypersistencerat

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

      ratremcos

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks