General

  • Target

    f1b681a4165d8a0c30b284a55d474366_JaffaCakes118

  • Size

    336KB

  • Sample

    241215-b5fwzsslek

  • MD5

    f1b681a4165d8a0c30b284a55d474366

  • SHA1

    a853246ee60381eadd930c4e3d390ea71cbb95d9

  • SHA256

    e31fd278c3cfd7c89a35f170b7b7d25c563dc57667c08229732f36061f8fd4ec

  • SHA512

    f953b3ad0ececf98a9573bfd0ae20c5996cbaca9487f0742103fb17906e9f826cac85d44d2f0ef20310248fdf44a5cb47f800762fc1b9212ed7fedfd3a124f02

  • SSDEEP

    6144:t8Hk8eC/39oZ12dRmN5IPL0pHZzoDsgP56rSiN96fglN:l8g12dRP8HZcDBRCJCe
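The hashes above are the indicators a practitioner will actually use: before detonating or sharing a file, confirm that it is the same object this report describes. The script below is an added example, not the sandbox's own code; it uses only the Python standard library and the values printed in the General section. It does not check the SSDEEP value (that needs a third-party module), and the rule for comparing against the KB-rounded size is an assumption.

```python
"""Check a file on disk against the indicators listed in the General section.

Added example; not the sandbox's own code. Needs only the Python standard
library and the values printed on this page. The ssdeep value is not checked
(that needs a third-party module); the size-rounding rule is an assumption.
"""
import hashlib
import io

DIGESTS = ("md5", "sha1", "sha256", "sha512")

# Indicators copied from the General section above (the report says "336KB").
REPORTED = {
    "size_kb": 336,
    "md5": "f1b681a4165d8a0c30b284a55d474366",
    "sha1": "a853246ee60381eadd930c4e3d390ea71cbb95d9",
    "sha256": "e31fd278c3cfd7c89a35f170b7b7d25c563dc57667c08229732f36061f8fd4ec",
    "sha512": "f953b3ad0ececf98a9573bfd0ae20c5996cbaca9487f0742103fb17906e9f826"
              "cac85d44d2f0ef20310248fdf44a5cb47f800762fc1b9212ed7fedfd3a124f02",
}


def digest_stream(fh, chunk_size=1 << 20):
    """One pass over the stream: byte count plus all four digests."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    size = 0
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digest_bytes(data):
    """Digest an in-memory buffer (handy for tests and for carved payloads)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    """Digest a file without loading it whole into memory."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def compare(actual, reported=REPORTED):
    """Per-indicator verdicts.

    The cryptographic hashes decide. The size is only a sanity check because
    the report rounds it to whole KB (assumption: within 1 KB of
    size_kb * 1024 counts as consistent). MD5 and SHA1 are collision-prone,
    so a positive "match" requires SHA256 and SHA512 to agree.
    """
    verdict = {name: actual[name] == reported[name].lower()
               for name in DIGESTS if name in reported}
    if "size_kb" in reported:
        verdict["size"] = abs(actual["size"] - reported["size_kb"] * 1024) <= 1024
    verdict["match"] = verdict.get("sha256", False) and verdict.get("sha512", False)
    return verdict


if __name__ == "__main__":
    import sys
    for name, ok in compare(digest_file(sys.argv[1])).items():
        print(f"{name:7} {'ok' if ok else 'MISMATCH'}")
```

Run it as `python check_sample.py <file>`; anything other than `match ok` means the file on hand is not the object this report analysed, however similar its name.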

Malware Config

Targets

    • Target

      f1b681a4165d8a0c30b284a55d474366_JaffaCakes118


    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      SetThreadContext called on a thread of another process is the step that redirects a suspended child to injected code (process hollowing).
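Three of the signatures above (the location lookup, the Run key, and SetThreadContext) can be re-derived from the API-call trace a sandbox records. The script below is an added example, not part of this report and not any sandbox's own code. The trace format (one dict per hooked call, with registry handles already resolved to key paths) and every event in it are constructed to resemble what a user-mode API hook would log; they are not the real trace of this sample, and the value names and paths in it are placeholders.

```python
"""Re-derive three of the signatures above from an API-call trace.

Added example, not part of the original report and not any sandbox's own
code. The trace format and every event in it are constructed; they are not
the real trace of this sample.
"""

CREATE_SUSPENDED = 0x00000004                 # CreateProcess dwCreationFlags bit
RUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
LOCALE_KEY = r"control panel\international"   # where the country code lives

# Constructed trace. pid 100 is the sample; pid 300 is a benign process that
# also starts a suspended child (as debuggers and installers do) but never
# writes into it, so it must not be flagged.
TRACE = [
    {"pid": 100, "api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International", "name": "sCountry"}},
    {"pid": 100, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "name": "Updater",
              "data": r"C:\Users\user\AppData\Roaming\Updater\updater.exe"}},
    {"pid": 100, "api": "CreateProcessW",
     "args": {"image": r"C:\Windows\SysWOW64\svchost.exe", "flags": CREATE_SUSPENDED},
     "ret": {"pid": 200, "tid": 201}},
    {"pid": 100, "api": "VirtualAllocEx", "args": {"target_pid": 200, "protect": 0x40}},
    {"pid": 100, "api": "WriteProcessMemory", "args": {"target_pid": 200, "size": 0x52000}},
    {"pid": 100, "api": "SetThreadContext", "args": {"tid": 201}},
    {"pid": 100, "api": "ResumeThread", "args": {"tid": 201}},
    {"pid": 300, "api": "CreateProcessW",
     "args": {"image": r"C:\Program Files\App\app.exe", "flags": CREATE_SUSPENDED},
     "ret": {"pid": 400, "tid": 401}},
    {"pid": 300, "api": "ResumeThread", "args": {"tid": 401}},
]


def locale_lookups(trace):
    """Value names read under Control Panel\\International (country/locale)."""
    return [ev["args"]["name"] for ev in trace
            if ev["api"].startswith("RegQueryValueEx")
            and LOCALE_KEY in ev["args"]["key"].lower()]


def run_key_writes(trace):
    """(value name, command) for every write under a Run or RunOnce key."""
    return [(ev["args"]["name"], ev["args"]["data"]) for ev in trace
            if ev["api"].startswith("RegSetValueEx")
            and ev["args"]["key"].lower().endswith(RUN_KEY_SUFFIXES)]


def hollowed_children(trace):
    """Child PIDs that went through the full chain, in order:
    CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory into the child
    -> SetThreadContext on its primary thread -> ResumeThread.
    A suspended child that is merely resumed (pid 400 above) does not qualify.
    """
    stage = {}          # child pid -> last chain step reached (1..4)
    thread_owner = {}   # primary tid -> child pid
    hits = []
    for ev in trace:
        api, args = ev["api"], ev["args"]
        if api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
            child, tid = ev["ret"]["pid"], ev["ret"]["tid"]
            stage[child] = 1
            thread_owner[tid] = child
        elif api == "WriteProcessMemory" and stage.get(args.get("target_pid")) == 1:
            stage[args["target_pid"]] = 2
        elif api == "SetThreadContext" and stage.get(thread_owner.get(args.get("tid"))) == 2:
            stage[thread_owner[args["tid"]]] = 3
        elif api == "ResumeThread" and stage.get(thread_owner.get(args.get("tid"))) == 3:
            child = thread_owner[args["tid"]]
            stage[child] = 4
            hits.append(child)
    return hits


def triage(trace):
    """Map the findings onto the signature names used in the report above."""
    return {
        "Checks computer location settings": locale_lookups(trace),
        "Adds Run key to start application": run_key_writes(trace),
        "Suspicious use of SetThreadContext": hollowed_children(trace),
    }


if __name__ == "__main__":
    for signature, evidence in triage(TRACE).items():
        print(f"{'HIT' if evidence else '   '} {signature}: {evidence}")
```

The hollowing detector is deliberately stateful and ordered: a lone SetThreadContext call is common in debuggers and runtimes, and a suspended CreateProcess alone is common in installers, so the verdict only fires when the write into the child happens between creation and the context change on that child's own primary thread.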

MITRE ATT&CK Enterprise v15

Tasks