General
Target: e4990c4ac8ac9e2de19747a8e92f6775_JaffaCakes118
Size: 4.2MB
Sample: 240407-lebvfshg7s
MD5: e4990c4ac8ac9e2de19747a8e92f6775
SHA1: 953265787ab6bc22b626dffa446a3532d4587c01
SHA256: b4e4f5ea0b5e483901f1e93322d05e31db806df2149462834833282f63b17704
SHA512: db3b4beb22e1dee2679b92087699d935a3a49df72ad5d83b164cc2fe1944eeb732ed65c9c4f7f6401509796e9abd14502328d425a0eb9718ab0d25ab5e2f5906
SSDEEP: 98304:Fx4DkQUNLescOmtb7X57njR6c3NFKYQh9I4:z4DLwcF7ZR6qeZg4
Behavioral task: behavioral1
Sample: e4990c4ac8ac9e2de19747a8e92f6775_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-