Overview

overview

10

Static

static

7

204cdae0b9...18.exe

windows7-x64

10

204cdae0b9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    204cdae0b9583005eed92479e5f27e01_JaffaCakes118

  • Size

    2.7MB

  • Sample

    240702-3pmhdazfmj

  • MD5

    204cdae0b9583005eed92479e5f27e01

  • SHA1

    9a48eff585ec5955fc10ae06a8c1e16ad804c869

  • SHA256

    ff144f47f95b7b8f24573fc07b29562fdff19ea4a0d784e5c122995ab42095ad

  • SHA512

    d057775a571cc3e145c8de9a08c69cf2a9ac6449795257de9dc5b99a0c5768be70ea8b7ed74bbbb55fdb7a13ec73284c46f85bb57b43854419eb0fbcfb1f45c2

  • SSDEEP

    49152:IEUIGm7mK9f3hxmq5c5hCGJtjMhp2sOLDq6+:5UIxlpDNYhCgi2fHqh

Score
10/10
sectopratevasionratthemidatrojan

Malware Config

Targets

    • Target

      204cdae0b9583005eed92479e5f27e01_JaffaCakes118

    • Size

      2.7MB

    • MD5

      204cdae0b9583005eed92479e5f27e01

    • SHA1

      9a48eff585ec5955fc10ae06a8c1e16ad804c869

    • SHA256

      ff144f47f95b7b8f24573fc07b29562fdff19ea4a0d784e5c122995ab42095ad

    • SHA512

      d057775a571cc3e145c8de9a08c69cf2a9ac6449795257de9dc5b99a0c5768be70ea8b7ed74bbbb55fdb7a13ec73284c46f85bb57b43854419eb0fbcfb1f45c2

    • SSDEEP

      49152:IEUIGm7mK9f3hxmq5c5hCGJtjMhp2sOLDq6+:5UIxlpDNYhCgi2fHqh

    Score
    10/10
    sectopratevasionratthemidatrojan

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks