General

  • Target

    fd4f497ac543872f1177e887d0331447_JaffaCakes118

  • Size

    1014KB

  • Sample

    240928-2wv8essfpd

  • MD5

    fd4f497ac543872f1177e887d0331447

  • SHA1

    af0b8ab0a3a55bf64afa31cfa4d24ae47d892686

  • SHA256

    d8457ca03fe0b01679373027ada4a1fce826baf104b5ae36834052508735d5bd

  • SHA512

    c7ab0d8193a89aecaccb89ed70071eb7bba4795293a9f1a0d3fe00d73ccdfc7657aa6727289963d29504725933385ec89317e636eba11259ff7aec8eea5e576d

  • SSDEEP

    24576:2wW7+aWo2T8X5Bh50RBEyQFEP0WtbuqkiLTmB:9k+Snh50RBKFwjkiLaB

Malware Config

Targets

    • Target

      Launcher.exe

    • Size

      1.0MB

    • MD5

      389e49fd591fbdbe272575573a922085

    • SHA1

      2145dacbed53f6b64ea96938cff8758531961c1a

    • SHA256

      24191589d733c928bce4654a950c0f6bd02b6675a78e47e22893e72d27067264

    • SHA512

      74b957d349a3241143525a6085372b8131551de3c1df25b61dc4fbbb74a868234cb36c32db14a61ab6eb516258a85d551956c408e20c0523eaa7e8e1d2b19bd4

    • SSDEEP

      24576:82+IxnXZC4MQdHAsU/O552srSCbBJwNQEwTtaMmVL:uIByQhK/Og6BKNQkdl

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      module.dll

    • Size

      1.1MB

    • MD5

      d46ca370ce03fc65157dd97de74571f4

    • SHA1

      3cc1ee33e78baf1834da8ef0fedd24a189c44d83

    • SHA256

      6168921e5d72ef8f98b0e05f689d1b34194b56047fbb74e641f027b98c0242f6

    • SHA512

      a8398a80d38d3ce8a0eb105698bc19f0b2d49558f727b75a1afc476ef4bf7febc41ef6dca67cd0a953c04943fcedb7bf2d2fac81e9c0995bee3e2d8bbcbd6baa

    • SSDEEP

      3072:Lxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd:N

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks