General

Target: JaffaCakes118_ab56012c39bd81986d6392624a7a968645cc65294d6b37bce884ed3e45d56d5b
Size: 300.0MB
Sample: 241224-nwry4sxjbr
MD5: 576e2763bd4204a46369088e7a09505a
SHA1: 48c41638957a2eabec298ef6ecd1d85de6d92f95
SHA256: ab56012c39bd81986d6392624a7a968645cc65294d6b37bce884ed3e45d56d5b
SHA512: 7b04d4dc15184040508c39e81f1ddc821eb88c6f24c5d990a67a0aa3ee443156ee8105afe3fedf74f4aa07735fe3efb1b6f828964b0e27c82efbb2a7b91914e4
SSDEEP: 12288:f1jsCAqYw8N6RFEGf7iW1HXSIE2GwcA4DTqw5mO8CkfnU8GP:djs3qP8NAEGf51HX51cA4fKfU8GP
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_ab56012c39bd81986d6392624a7a968645cc65294d6b37bce884ed3e45d56d5b.exe
Resource (analysis VM image): win7-20241023-en
Malware Config

Extracted: remcos
7-5-22
C2: playstachon.duckdns.org:30288

Installation / persistence
install_flag: false
install_path: %AppData%
copy_folder: Remcos
copy_file: remcos.exe
startup_value: Remcos
delete_file: false
hide_file: false
mutex: xpsie6w@>-H4T1EN

Connection
connect_delay: 0
connect_interval: 1

Keylogger
keylog_flag: false
keylog_path: %AppData%
keylog_folder: NGINX
keylog_file: logs.dat
keylog_crypt: true
hide_keylog_file: true
mouse_option: false

Screenshots
screenshot_flag: false
screenshot_path: %AppData%
screenshot_folder: Screenshots
screenshot_time: 10
screenshot_crypt: true
take_screenshot_option: true
take_screenshot_time: 5
take_screenshot_title: paytrace;globalgateway;firstdata;shopify;chase

Audio
audio_path: %AppData%
audio_folder: MicRecords
audio_record_time: 5

Reading the config: install_flag, keylog_flag and screenshot_flag are all false, so as extracted this build does not copy itself to %AppData%\Remcos\remcos.exe, does not register the "Remcos" startup value, does not run the keylogger and does not take timed screenshots; those paths are still present in the config, so an analyst should know them but should not expect them on disk after a run. What is switched on is take_screenshot_option, with take_screenshot_title listing payment-processor and merchant keywords (paytrace, globalgateway, firstdata, shopify, chase), i.e. screenshots triggered by the foreground window title, which points at payment-card and merchant-portal theft rather than general surveillance. The audio settings (MicRecords under %AppData%, 5) carry no on/off flag in this extraction. The mutex and the duckdns C2 host/port are the most stable host and network indicators here.
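The config above is only useful if it is turned into something that can be matched against telemetry. The following is an added example, not part of the sandbox report: it copies the extracted values into a Python dictionary, derives host/network indicators from them (marking the ones whose feature flag is false as disabled), models the window-title screenshot trigger, and runs both over a few constructed telemetry records. The layout of the derived paths (install_path\copy_folder\copy_file, keylog_path\keylog_folder\keylog_file, and so on) and the case-insensitive substring match for take_screenshot_title are assumptions about how Remcos consumes these fields; the report itself does not state them.

```python
"""Derive hunt indicators from the Remcos config extracted above and match them
against constructed telemetry. Added example, not report or Remcos code."""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Values copied from the "Malware Config / Extracted" section of this report.
CONFIG = {
    "c2": "playstachon.duckdns.org:30288",
    "mutex": "xpsie6w@>-H4T1EN",
    "install_flag": False, "install_path": "%AppData%",
    "copy_folder": "Remcos", "copy_file": "remcos.exe", "startup_value": "Remcos",
    "keylog_flag": False, "keylog_path": "%AppData%",
    "keylog_folder": "NGINX", "keylog_file": "logs.dat",
    "screenshot_flag": False, "screenshot_path": "%AppData%", "screenshot_folder": "Screenshots",
    "audio_path": "%AppData%", "audio_folder": "MicRecords",
    "take_screenshot_option": True,
    "take_screenshot_title": "paytrace;globalgateway;firstdata;shopify;chase",
}


@dataclass(frozen=True)
class Indicator:
    kind: str      # "dns", "port", "mutex", "file", "registry"
    value: str
    enabled: bool  # False when the governing *_flag in the config is false


def indicators(cfg: dict = CONFIG) -> list[Indicator]:
    """Turn config fields into indicators. Disabled features are kept with
    enabled=False so the analyst knows the paths without expecting them on disk.
    Path layout (<path>\\<folder>\\<file>) is an assumption about Remcos."""
    host, port = cfg["c2"].rsplit(":", 1)
    j = ntpath.join
    return [
        Indicator("dns", host.lower(), True),
        Indicator("port", port, True),
        Indicator("mutex", cfg["mutex"], True),
        Indicator("file", j(cfg["install_path"], cfg["copy_folder"], cfg["copy_file"]), cfg["install_flag"]),
        Indicator("registry", cfg["startup_value"], cfg["install_flag"]),
        Indicator("file", j(cfg["keylog_path"], cfg["keylog_folder"], cfg["keylog_file"]), cfg["keylog_flag"]),
        Indicator("file", j(cfg["screenshot_path"], cfg["screenshot_folder"]), cfg["screenshot_flag"]),
        # The extracted config has no on/off flag for audio; treated as enabled (assumption).
        Indicator("file", j(cfg["audio_path"], cfg["audio_folder"]), True),
    ]


def screenshot_trigger(window_title: str, cfg: dict = CONFIG) -> str | None:
    """Keyword from take_screenshot_title that would trigger a screenshot, or None.
    Assumes a ';'-separated, case-insensitive substring match on the title."""
    if not cfg["take_screenshot_option"]:
        return None
    title = window_title.lower()
    for kw in cfg["take_screenshot_title"].split(";"):
        kw = kw.strip().lower()
        if kw and kw in title:
            return kw
    return None


def expand_path(p: str, appdata: str = r"C:\Users\victim\AppData\Roaming") -> str:
    """Expand %AppData% for a hypothetical victim profile (assumed path)."""
    return p.replace("%AppData%", appdata)


def hunt(events: list[dict], cfg: dict = CONFIG) -> list[tuple[str, str]]:
    """Match telemetry records ({"type": ..., "value": ...}) against the enabled
    indicators; window events go through the screenshot trigger instead."""
    active = [i for i in indicators(cfg) if i.enabled]
    hits: list[tuple[str, str]] = []
    for ev in events:
        kind, v = ev["type"], ev["value"]
        if kind == "window":
            kw = screenshot_trigger(v, cfg)
            if kw:
                hits.append(("window", kw))
            continue
        for ind in active:
            if ind.kind != kind:
                continue
            if kind == "file" and v.lower().startswith(expand_path(ind.value).lower()):
                hits.append((kind, ind.value))
            elif kind == "mutex" and v == ind.value:          # mutex names are case-sensitive
                hits.append((kind, ind.value))
            elif kind in ("dns", "registry", "port") and v.lower() == ind.value.lower():
                hits.append((kind, ind.value))
    return hits


# Constructed sample telemetry (not from the report) to exercise the matcher.
SAMPLE_EVENTS = [
    {"type": "dns", "value": "playstachon.duckdns.org"},
    {"type": "mutex", "value": "xpsie6w@>-H4T1EN"},
    {"type": "file", "value": r"C:\Users\victim\AppData\Roaming\MicRecords\rec1.wav"},
    {"type": "file", "value": r"C:\Users\victim\AppData\Roaming\Remcos\remcos.exe"},  # install_flag false: not matched
    {"type": "window", "value": "Shopify Admin - Orders - Mozilla Firefox"},
    {"type": "dns", "value": "update.microsoft.com"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

The disabled indicators are deliberately kept rather than dropped: with this config the remcos.exe copy, the "Remcos" run key and the NGINX\logs.dat keylog file should not appear, so their presence on a host would mean a different build or a config changed at runtime, which is itself worth an alert.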
Targets

Target: JaffaCakes118_ab56012c39bd81986d6392624a7a968645cc65294d6b37bce884ed3e45d56d5b (the same file as in General above; size and hashes are identical and not repeated here)
Signatures
Remcos family
Executes dropped EXE
Suspicious use of SetThreadContext (the API pattern typically seen when a payload is injected into a suspended process, e.g. process hollowing; consistent with the dropped EXE being used as a host for the Remcos payload)