General

  • Target

    JaffaCakes118_683b4a9a7e079c34a44a705f2f76e27b5fb405d526a093c8714c1aa538b90c1e

  • Size

    39KB

  • MD5

    72ba00bd1ad108f9a651c9731f2033ea

  • SHA1

    57f40b6c0252e410c12a9f1451d9ac826b1e73d5

  • SHA256

    683b4a9a7e079c34a44a705f2f76e27b5fb405d526a093c8714c1aa538b90c1e

  • SHA512

    a7ceb6e6d96c852af98ad1a912b8288d9d0dfe93797d005976a88154366d4247c9265903542ac3fd9b2ed98894dd257dae19529c53952566497833241bcd9c0a

  • SSDEEP

    768:Oj0D8QPoxT+fLY4PAsYgEt5BNVNsaDMwpi/4LVnNOMALxPwIZR66:GmXw4Ws1Et5B/NRYefxATZ7

Score
10/10

Malware Config

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

C2

192.168.0.18:2404

Attributes
  • audio_folder

    audio

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    60

  • connect_interval

    5

  • copy_file

    remcos.exe

  • copy_folder

    remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    false

  • install_flag

    true

  • install_path

    %AppData%

  • keylog_crypt

    false

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    remcos_uxbpvpmrobvqvta

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screens

  • screenshot_path

    %AppData%

  • screenshot_time

    1

  • startup_value

    remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

Signatures

  • Remcos family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_683b4a9a7e079c34a44a705f2f76e27b5fb405d526a093c8714c1aa538b90c1e
    .zip

    Password: infected

  • 80c124d62b319723e9c873d453db917f5637dc5c028028921b12c4963c63a8ad
    .exe windows:4 windows x86 arch:x86

    d3a62971944197f0701c7049a9c739d1


    Headers

    Imports

    Sections