General
-
Target
JaffaCakes118_1a6f2e5d65e1996aa473c9ca5a5ac7bb9575a5d22afb45717f971e6bf04817ed
-
Size
3.1MB
-
Sample
241224-nsymgswnfx
-
MD5
077a624c868cd42501b16e60fc6a8131
-
SHA1
7f7977a5ceaca7f963f1969209026945644c8b2e
-
SHA256
1a6f2e5d65e1996aa473c9ca5a5ac7bb9575a5d22afb45717f971e6bf04817ed
-
SHA512
1fde2b9e680ab327202fe48d47f20565e0c99c820a51a4eb91c249f4f68a69a7a4e8adb53656d8239e39a02cfbb6cec21921df826c6a298c9892fc56a73a97a7
-
SSDEEP
98304:2ZNVPmPNPCqESHslE1Xg3M9LKHe5H2Xrpxuy:21u16qhSDHeqrpn
Static task
static1
Behavioral task
behavioral1
Sample
OverdriveNTool_0.2.9/OverdriveNTool.exe
Resource
win7-20240903-en
Malware Config
Extracted
remcos
2.6.0 Pro
�����
37.1.206.16:5757
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
Windows.exe
-
copy_folder
Temp
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
13asdadsSDSSDSDSD12132az-BMS9FK
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Defender
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
wikipedia;solitaire;
Targets
-
-
Target
OverdriveNTool_0.2.9/OverdriveNTool.exe
-
Size
2.9MB
-
MD5
b64dbdbb60d0edab5bf3608d9973d7b5
-
SHA1
470ec316274648567965ac7912cb8fbfc5763c47
-
SHA256
731f26f74722af06e463904102705bc856f20852faecb08b5fda6b7bc0e5539c
-
SHA512
2d21e148db3e5a60075609ca0b4e5cabba7bf15299ed49ebe81f73844440090f8d935e919e2e7368927890b4d51514518bf9467ab01a1db0a3bbae50153719a9
-
SSDEEP
49152:gLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvM0:cwSi0b67zeCzt0+yO3kSf
-
Remcos family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-