General
Target: fa44a0222a7758ec447bf88f7b9a1f77_JaffaCakes118
Size: 2.4MB
Sample: 240419-pcwnmabd33
MD5: fa44a0222a7758ec447bf88f7b9a1f77
SHA1: 9b3d39a84e806681ebc012db7a56fa428f6e9554
SHA256: bac8573eb21fb565b9ff2516aeff93747ed35736a33969621facc9c6f9d4b2f9
SHA512: 62a6b4d3d01097b5ba641763c9cf00c4bbe566bb0671c11cdf38310ff274d362c6449ef42d50755bd382c1d32af4cb4b7e53041e42dfe4b0d9a9fc1e5c4c1922
SSDEEP: 49152:V0D6JzOZ10OyixUj0GWiqR8pIIiZRZob77OT4NwjcBIxLFd6dtL3U:kUzYrZErq0yZ3OE+iRdkJU
Behavioral task: behavioral1
Sample: fa44a0222a7758ec447bf88f7b9a1f77_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: fa44a0222a7758ec447bf88f7b9a1f77_JaffaCakes118
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger