General

  • Target

    d75805611df55ea0b527e2c8b37be919_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240405-spccasfh73

  • MD5

    d75805611df55ea0b527e2c8b37be919

  • SHA1

    21ebbbeb7c17e86b71dab59f76f3f8b0488e0260

  • SHA256

    51c5f1806361f36e1e82c128b81e0c1f159196896459e3e90e3eb924b1423191

  • SHA512

    e045dfa7357e1b4635fb0e707d07330a6947de6151cc08cf7f113f55a0394e6781335dc81f82763151d760e014223e465de843ac4602dfd08cfc58db7994a619

  • SSDEEP

    24576:SQB+A6iqWYUBH8KkTnitZ21I+Sr7YVmiXwTgzZMYiNpPXO0nF44Ptz1lTfH1kOov:SQB1bwEOwrxiXcY+XOAhfVkUU9
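
Before trusting any of the behaviour below, confirm that the file on disk is the same object the sandbox analysed. The script that follows is an added example, not part of the report or the sandbox's own tooling: it pulls the four digests out of the report's bullet layout, streams a local file once through all four hashers, and flags any digest that disagrees or is the wrong length (a truncated copy-paste is a common cause of a false "mismatch"). The excerpt in `REPORT_TEXT` is copied from the General section above; the command-line path is an assumption.

```python
import hashlib
import re
import sys

# Digests exactly as listed in the General section of the report.
REPORTED = {
    "md5": "d75805611df55ea0b527e2c8b37be919",
    "sha1": "21ebbbeb7c17e86b71dab59f76f3f8b0488e0260",
    "sha256": "51c5f1806361f36e1e82c128b81e0c1f159196896459e3e90e3eb924b1423191",
    "sha512": "e045dfa7357e1b4635fb0e707d07330a6947de6151cc08cf7f113f55a0394e6781335dc81f82763151d760e014223e465de843ac4602dfd08cfc58db7994a619",
}

# Excerpt of the report's bullet layout (same values as above), used to exercise the parser.
REPORT_TEXT = """\
  • MD5

    d75805611df55ea0b527e2c8b37be919

  • SHA1

    21ebbbeb7c17e86b71dab59f76f3f8b0488e0260

  • SHA256

    51c5f1806361f36e1e82c128b81e0c1f159196896459e3e90e3eb924b1423191

  • SHA512

    e045dfa7357e1b4635fb0e707d07330a6947de6151cc08cf7f113f55a0394e6781335dc81f82763151d760e014223e465de843ac4602dfd08cfc58db7994a619

  • SSDEEP

    24576:SQB+A6iqWYUBH8KkTnitZ21I+Sr7YVmiXwTgzZMYiNpPXO0nF44Ptz1lTfH1kOov:SQB1bwEOwrxiXcY+XOAhfVkUU9
"""

ALGOS = ("md5", "sha1", "sha256", "sha512")
# Expected hex length of each digest; anything else is a garbled or truncated report value.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# "• SHA256" heading, then whitespace/newlines, then the hex value on a later line.
_FIELD_RE = re.compile(r"•\s*(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)")


def parse_report(text):
    """Return {algo: hex} for the digests found in the report's bullet layout."""
    found = {}
    for algo, value in _FIELD_RE.findall(text):
        found.setdefault(algo.lower(), value.lower())
    return found


def hash_bytes(data):
    """Digest an in-memory blob with all four algorithms."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path, chunk_size=1 << 20):
    """Stream the file once, feeding every hasher, so a large sample is not read four times."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def compare(actual, reported):
    """Return {algo: (actual, reported)} for every digest that is malformed or disagrees."""
    problems = {}
    for algo, expected in reported.items():
        expected = expected.lower()
        got = actual.get(algo, "").lower()
        if len(expected) != DIGEST_LEN.get(algo, -1) or got != expected:
            problems[algo] = (got, expected)
    return problems


if __name__ == "__main__":
    # Usage (assumed path): python verify_sample.py ./d75805611df55ea0b527e2c8b37be919_JaffaCakes118
    problems = compare(hash_file(sys.argv[1]), parse_report(REPORT_TEXT))
    for algo, (got, expected) in problems.items():
        print(f"{algo}: file={got} report={expected}")
    sys.exit(1 if problems else 0)
```

The SSDEEP value is deliberately left out of the comparison: it is a fuzzy hash, only meaningful as a similarity score against other samples, and it needs the ssdeep library rather than hashlib.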

Malware Config

Targets

    • Target

      d75805611df55ea0b527e2c8b37be919_JaffaCakes118

    • SectopRAT

      SectopRAT (also tracked as ArechClient) is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Drops startup file

      A file was written to a Startup folder, so it is launched at the next user logon (ATT&CK T1547.001).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      A value was written under a ...\CurrentVersion\Run key, a second logon-persistence mechanism (ATT&CK T1547.001).

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the usual final step of process hollowing and thread-hijack injection (ATT&CK T1055). The signature is a heuristic, so check which process was targeted before treating it as injection.
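
The persistence and execution signatures above are the ones an analyst can re-check on an endpoint from ordinary telemetry. The triage routine below is an added example, not the sandbox's signature logic: it scans Sysmon-style events (field names `EventID`, `Image`, `ParentImage`, `TargetObject`, `Details`, `TargetFilename` are assumed; the events themselves are constructed, not taken from this report) for a Run-key write, a file dropped into a Startup folder, and an executable launched from a user-writable drop directory by another such executable. SetThreadContext is not covered because it is not visible in file or registry telemetry; that one needs an API-monitoring or sandbox trace.

```python
import re

# Logon-persistence registry values under HKLM/HKU, including the 32-bit (Wow6432Node) view.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)
# Per-user and all-users Startup folders.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE)
# User-writable locations where a dropped payload typically ends up.
DROP_DIR_RE = re.compile(
    r"\\(?:AppData\\(?:Local|Roaming)|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE
)

# Constructed Sysmon-style events (not from the report). EventID 1 = ProcessCreate,
# 11 = FileCreate, 13 = RegistryEvent (value set). Paths and SID are made up.
SAMPLE = r"C:\Users\alice\AppData\Local\Temp\d75805611df55ea0b527e2c8b37be919_JaffaCakes118.exe"
USER_HIVE = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": USER_HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\svchost32.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": USER_HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Roaming\svchost32.exe", "ParentImage": SAMPLE},
]


def triage(events):
    """Return one finding per event that matches a persistence/execution signature."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append({
                "signature": "Adds Run key to start application",
                "technique": "T1547.001",
                "image": ev.get("Image"),
                "artifact": ev["TargetObject"],
                "value": ev.get("Details"),
                # A Run value pointing into a user-writable directory is the stronger indicator.
                "value_in_drop_dir": bool(DROP_DIR_RE.search(ev.get("Details", ""))),
            })
        elif eid == 11 and STARTUP_DIR_RE.search(ev.get("TargetFilename", "")):
            findings.append({
                "signature": "Drops startup file",
                "technique": "T1547.001",
                "image": ev.get("Image"),
                "artifact": ev["TargetFilename"],
            })
        elif (eid == 1 and DROP_DIR_RE.search(ev.get("Image", ""))
              and DROP_DIR_RE.search(ev.get("ParentImage", ""))):
            # Both parent and child live in drop directories: a dropped EXE run by the dropper.
            findings.append({
                "signature": "Executes dropped EXE",
                "image": ev["Image"],
                "parent": ev["ParentImage"],
            })
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f)
```

The first ProcessCreate event (the sample started by explorer.exe) is deliberately not flagged; the signature is about a payload that the sample itself dropped and ran, so the parent must also sit in a drop directory.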

MITRE ATT&CK Enterprise v15

Tasks