Resubmissions

17/01/2025, 13:41 UTC

250117-qy3vha1jen 10

24/12/2024, 18:03 UTC

241224-wm54datje1 10

General

  • Target

    JaffaCakes118_9273e6c9157cc1846b6b236bc59914161ec91fdfdfe1979090bfabdf0ad06543

  • Size

    1.7MB

  • Sample

    250117-qy3vha1jen

  • MD5

    82b480305f0c36eb7d7e72f00125bb82

  • SHA1

    9af3302581d53e0eafd60c5f56cf3bac2198ab16

  • SHA256

    9273e6c9157cc1846b6b236bc59914161ec91fdfdfe1979090bfabdf0ad06543

  • SHA512

    026b8a61286b1d0913be87fa9807a11b2c31f55c806ce011e17d3352da97ef212032b2bec45ec7acc4f4d8c5b09457754b86b0718ef5c07cf7fdaee6b4d4b985

  • SSDEEP

    24576:AYPei+Hwo+bgwhHx2GQf6fSWnYfUjaaBqiJaHhdFjcCSVA86KfRduholMjkMh/s9:ABi+ZdwhHx2X/WnYtrAYjnynTOR67

Malware Config

Extracted

Family

remcos

Version

2.3.0 Pro

Botnet

RemoteHost

C2

daya4659.ddns.net:8282

Attributes
  • audio_folder

    MicRecords

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    3

  • copy_file

    remcos.exe

  • copy_folder

    remcos

  • delete_file

    false

  • hide_file

    true

  • hide_keylog_file

    true

  • install_flag

    true

  • install_path

    %AppData%

  • keylog_crypt

    true

  • keylog_file

    logs.dat

  • keylog_flag

    false

  • keylog_folder

    remcos

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    Remcos-S1KNPZ

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

    wikipedia;solitaire;

Extracted

Family

webmonitor

C2

snpandey4659.wm01.to:443

Attributes
  • config_key

    sFitr5r1ExCJl86X6inyc4qxlzwyw8fK

  • private_key

    t1wG88poq

  • url_path

    /recv4.php
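The two extracted configs above are most useful once their fields are turned into the artifacts they produce on a victim host (installed copy, Run key value, mutex, log and capture folders) and into network indicators. The following is an added example, not part of the Triage report or of the Remcos/WebMonitor code itself: the dictionary values are the ones listed above, while the helper names (`winjoin`, `remcos_indicators`, `network_indicators`, `hunt`) and the `SAMPLE_OBSERVATIONS` host data are constructed for illustration. Note how the `*_flag` fields are carried into the notes: `keylog_flag` and `screenshot_flag` are both false in this build, so `logs.dat` and the `Screenshots` folder should not be relied on as indicators.

```python
# Added example, not part of the Triage report or the Remcos/WebMonitor code:
# derive hunt indicators from the configs extracted above. The dict values are
# the report's; helper names (winjoin, remcos_indicators, network_indicators,
# hunt) and SAMPLE_OBSERVATIONS are constructed for illustration.
from collections import namedtuple

REMCOS = {  # values as extracted above
    "install_flag": True, "install_path": "%AppData%", "copy_folder": "remcos",
    "copy_file": "remcos.exe", "hide_file": True, "startup_value": "remcos",
    "mutex": "Remcos-S1KNPZ",
    "keylog_flag": False, "keylog_path": "%AppData%", "keylog_folder": "remcos",
    "keylog_file": "logs.dat",
    "screenshot_flag": False, "screenshot_path": "%AppData%",
    "screenshot_folder": "Screenshots",
    "audio_path": "%AppData%", "audio_folder": "MicRecords",
    "c2": ["daya4659.ddns.net:8282"],
}
WEBMONITOR = {"c2": ["snpandey4659.wm01.to:443"], "url_path": "/recv4.php"}

Indicator = namedtuple("Indicator", "kind value note")


def winjoin(*parts):
    """Join Windows path components with backslashes regardless of host OS."""
    return "\\".join(p.strip("\\") for p in parts if p)


def remcos_indicators(cfg):
    """Map Remcos config fields to the artifacts they produce on a victim host.
    Flags matter: a false *_flag means the artifact may never appear."""
    out = []
    if cfg["install_flag"]:
        exe = winjoin(cfg["install_path"], cfg["copy_folder"], cfg["copy_file"])
        hidden = " (hidden attribute set)" if cfg["hide_file"] else ""
        out.append(Indicator("file", exe, "installed copy" + hidden))
        out.append(Indicator("runkey", cfg["startup_value"],
                             "Run key value name pointing at " + exe))
    out.append(Indicator("mutex", cfg["mutex"], "single-instance mutex"))
    log = winjoin(cfg["keylog_path"], cfg["keylog_folder"], cfg["keylog_file"])
    state = "enabled" if cfg["keylog_flag"] else "disabled in this build"
    out.append(Indicator("file", log, "keylog file, keylogger " + state))
    state = "enabled" if cfg["screenshot_flag"] else "disabled in this build"
    out.append(Indicator("dir", winjoin(cfg["screenshot_path"], cfg["screenshot_folder"]),
                         "screenshot folder, screenshots " + state))
    out.append(Indicator("dir", winjoin(cfg["audio_path"], cfg["audio_folder"]),
                         "microphone recordings"))
    return out


def network_indicators(*cfgs):
    """Split host:port C2 strings; keep the HTTP path when the config has one."""
    out = []
    for cfg in cfgs:
        for c2 in cfg["c2"]:
            host, _, port = c2.rpartition(":")
            out.append(Indicator("c2", (host, int(port)), cfg.get("url_path", "")))
    return out


def _norm(value):
    """Case-fold strings (Windows paths and mutex names are case-insensitive)."""
    if isinstance(value, tuple):
        return tuple(_norm(v) for v in value)
    return value.lower() if isinstance(value, str) else value


def hunt(indicators, observations):
    """Match (kind, value) observations from a host or network triage against
    the indicator set and return the matching Indicator records."""
    wanted = {(i.kind, _norm(i.value)): i for i in indicators}
    hits = []
    for kind, value in observations:
        ind = wanted.get((kind, _norm(value)))
        if ind is not None:
            hits.append(ind)
    return hits


# Constructed observations standing in for the output of a triage script.
SAMPLE_OBSERVATIONS = [
    ("mutex", "remcos-s1knpz"),
    ("file", "%APPDATA%\\Remcos\\remcos.exe"),
    ("file", "%APPDATA%\\Microsoft\\Windows\\Recent\\report.lnk"),
    ("c2", ("daya4659.ddns.net", 8282)),
    ("c2", ("snpandey4659.wm01.to", 443)),
]

if __name__ == "__main__":
    all_inds = remcos_indicators(REMCOS) + network_indicators(REMCOS, WEBMONITOR)
    for ind in all_inds:
        print(f"{ind.kind:7} {ind.value!s:45} {ind.note}")
    print("hits:", [(h.kind, h.value) for h in hunt(all_inds, SAMPLE_OBSERVATIONS)])
```

Path comparison is case-folded because both NTFS paths and mutex lookups are case-insensitive on Windows; the `%AppData%` placeholder is kept literally so the output can be expanded per user profile by whatever collection tool consumes it.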

Targets

    • Target

      JaffaCakes118_9273e6c9157cc1846b6b236bc59914161ec91fdfdfe1979090bfabdf0ad06543

    • Size

      1.7MB

    • MD5

      82b480305f0c36eb7d7e72f00125bb82

    • SHA1

      9af3302581d53e0eafd60c5f56cf3bac2198ab16

    • SHA256

      9273e6c9157cc1846b6b236bc59914161ec91fdfdfe1979090bfabdf0ad06543

    • SHA512

      026b8a61286b1d0913be87fa9807a11b2c31f55c806ce011e17d3352da97ef212032b2bec45ec7acc4f4d8c5b09457754b86b0718ef5c07cf7fdaee6b4d4b985

    • SSDEEP

      24576:AYPei+Hwo+bgwhHx2GQf6fSWnYfUjaaBqiJaHhdFjcCSVA86KfRduholMjkMh/s9:ABi+ZdwhHx2X/WnYtrAYjnynTOR67

    Score
    3/10
    • Target

      2ef1aedbfa1d92513e8a45015b59cdd649eb7aac25e420b18c5d564c30066ea7

    • Size

      2.9MB

    • MD5

      21948d42c2c1e49cadea88e80dfe6880

    • SHA1

      d7f6837f76f3785eef87048c4a28c4b664f99dbd

    • SHA256

      2ef1aedbfa1d92513e8a45015b59cdd649eb7aac25e420b18c5d564c30066ea7

    • SHA512

      14054453d259e53d88881a6b50061960befc06309fc14d1f557d5cb3cbc2ac7e855a805cc483915e8b5ce737c328dd03a8cfbc9a68a670e0238896009befa863

    • SSDEEP

      49152:hh+ZkldoPK8Yad7cwj644Mh+ZkldoPK8YaLDNcm:C2cPK8YwjE2cPK8f

    • Remcos

      Remcos is closed-source remote control and surveillance software.

    • Remcos family

    • RevcodeRat, WebMonitorRat

      WebMonitor is a remote access tool that can be used from any browser to control and monitor phones or PCs.

    • WebMonitor payload

    • Webmonitor family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.
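The "Unexpected DNS network traffic destination" signature above is a simple allow-list check that is easy to reproduce outside the sandbox. The following is an added example, not part of the Triage report or its signature code: it runs that check over constructed connection records (the resolver addresses in `CONFIGURED_DNS`, the `SAMPLE_CONN` lines and the helper names are made up for illustration) and flags any UDP or TCP flow to port 53 whose destination is not one of the configured resolvers, which is how a RAT tunnelling its traffic over the DNS port to an arbitrary host shows up.

```python
# Added example, not part of the Triage report: the check behind the
# "Unexpected DNS network traffic destination" signature, run over constructed
# connection records. CONFIGURED_DNS, SAMPLE_CONN and the helper names are
# invented for illustration.
import ipaddress
from collections import Counter

# Resolvers the analysis VM is configured to use (constructed values).
CONFIGURED_DNS = {"10.0.0.2", "10.0.0.3"}

# Constructed records in the form: ts src sport dst dport proto
SAMPLE_CONN = """\
1737121260.1 10.0.0.15 51234 10.0.0.2 53 udp
1737121261.4 10.0.0.15 51235 8.8.8.8 53 udp
1737121262.0 10.0.0.15 51236 203.0.113.7 53 tcp
1737121263.2 10.0.0.15 51237 203.0.113.7 8282 tcp
1737121264.9 10.0.0.15 51238 10.0.0.3 53 udp
"""


def parse_conn(line):
    """Parse one whitespace-separated connection record into a dict."""
    ts, src, sport, dst, dport, proto = line.split()
    return {"ts": float(ts), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto.lower()}


def unexpected_dns(records, configured_dns=CONFIGURED_DNS):
    """Return records on the DNS port (53, udp or tcp) whose destination is
    not one of the configured resolvers. Traffic to the resolvers themselves
    and traffic on other ports are ignored, so the hits are exactly the
    'DNS-port traffic to a non-DNS server' the signature describes."""
    allowed = {ipaddress.ip_address(a) for a in configured_dns}
    hits = []
    for rec in records:
        if rec["dport"] != 53 or rec["proto"] not in ("udp", "tcp"):
            continue
        if ipaddress.ip_address(rec["dst"]) not in allowed:
            hits.append(rec)
    return hits


def summarize(hits):
    """Count hits per destination so a single noisy host stands out."""
    return dict(Counter(h["dst"] for h in hits))


if __name__ == "__main__":
    recs = [parse_conn(l) for l in SAMPLE_CONN.splitlines()]
    hits = unexpected_dns(recs)
    for h in hits:
        print(f"{h['ts']:.1f} {h['src']}:{h['sport']} -> {h['dst']}:{h['dport']}/{h['proto']}")
    print(summarize(hits))
```

Public resolvers such as 8.8.8.8 trigger the check too; that is intended, since in a sandbox any resolver other than the configured one means the sample brought its own, and in production it usually means DNS egress controls are being bypassed.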

MITRE ATT&CK Enterprise v15

Tasks
