Overview

overview

10

Static

static

7

fe6da89f80...18.exe

windows7-x64

10

fe6da89f80...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    fe6da89f800e17d62df98ce2298e8b5b_JaffaCakes118

  • Size

    2.4MB

  • Sample

    240421-e17qpabd4s

  • MD5

    fe6da89f800e17d62df98ce2298e8b5b

  • SHA1

    4b97d39ceead58f157e3cb07aeabb923f0a8e82e

  • SHA256

    d2ed7a0c777e7f8e220dcd828d7baffb4c9566bae0c6e915e8945b27f068e3b7

  • SHA512

    b54b4f4ae2a3b9111a87c7bb722f9d2612fc0401cac0aec992c365c1666c7f7422a4def7ebf433b572deea5ef69d354f2b0955a0b5047390f5ff4ea8a3e7fbbb

  • SSDEEP

    49152:NAyArJVGQBIzY043H8zTFDpdc0J3kViW+9zHMo4ECL6dQ/0y:NA4zP438y+kVFV6dQz

Score
10/10
sectopratevasionratthemidatrojan

Malware Config

Targets

    • Target

      fe6da89f800e17d62df98ce2298e8b5b_JaffaCakes118

    • Size

      2.4MB

    • MD5

      fe6da89f800e17d62df98ce2298e8b5b

    • SHA1

      4b97d39ceead58f157e3cb07aeabb923f0a8e82e

    • SHA256

      d2ed7a0c777e7f8e220dcd828d7baffb4c9566bae0c6e915e8945b27f068e3b7

    • SHA512

      b54b4f4ae2a3b9111a87c7bb722f9d2612fc0401cac0aec992c365c1666c7f7422a4def7ebf433b572deea5ef69d354f2b0955a0b5047390f5ff4ea8a3e7fbbb

    • SSDEEP

      49152:NAyArJVGQBIzY043H8zTFDpdc0J3kViW+9zHMo4ECL6dQ/0y:NA4zP438y+kVFV6dQz

    Score
    10/10
    sectopratevasionratthemidatrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks