General

  • Target

    e4990c4ac8ac9e2de19747a8e92f6775_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240407-lebvfshg7s

  • MD5

    e4990c4ac8ac9e2de19747a8e92f6775

  • SHA1

    953265787ab6bc22b626dffa446a3532d4587c01

  • SHA256

    b4e4f5ea0b5e483901f1e93322d05e31db806df2149462834833282f63b17704

  • SHA512

    db3b4beb22e1dee2679b92087699d935a3a49df72ad5d83b164cc2fe1944eeb732ed65c9c4f7f6401509796e9abd14502328d425a0eb9718ab0d25ab5e2f5906

  • SSDEEP

    98304:Fx4DkQUNLescOmtb7X57njR6c3NFKYQh9I4:z4DLwcF7ZR6qeZg4

Malware Config

Targets

    • Target

      e4990c4ac8ac9e2de19747a8e92f6775_JaffaCakes118

    • Size

      4.2MB

    • MD5

      e4990c4ac8ac9e2de19747a8e92f6775

    • SHA1

      953265787ab6bc22b626dffa446a3532d4587c01

    • SHA256

      b4e4f5ea0b5e483901f1e93322d05e31db806df2149462834833282f63b17704

    • SHA512

      db3b4beb22e1dee2679b92087699d935a3a49df72ad5d83b164cc2fe1944eeb732ed65c9c4f7f6401509796e9abd14502328d425a0eb9718ab0d25ab5e2f5906

    • SSDEEP

      98304:Fx4DkQUNLescOmtb7X57njR6c3NFKYQh9I4:z4DLwcF7ZR6qeZg4

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks