General
-
Target
677da4ccf4a11b658874f4999e0c485b_JaffaCakes118
-
Size
3.5MB
-
Sample
240723-n3jajsvgjp
-
MD5
677da4ccf4a11b658874f4999e0c485b
-
SHA1
2cbc97e3505938896316c100b8d924dcd4f974b0
-
SHA256
1bae4143f3279399dcc695bca38d3524488c54d9e60482d52c0b1a3c15c85ed6
-
SHA512
8e8fce3e1c11f707a8ac3c866bcd579bff836a48caded8ad7134195f2d28710a63193d17e79b163c6c0e923acc82474e0d7f35bb07b37ff41fce42415148ef1e
-
SSDEEP
49152:gWdazm0qXUgCJZRdZPVSdTjP9+k46kwDUBAXtIjD8+rv8fPv8ZSvYRq1K2LJFLyD:4V2xDh+Zv/B1E+rEf48YR6JvK
Malware Config
Targets
-
-
Target
677da4ccf4a11b658874f4999e0c485b_JaffaCakes118
-
Size
3.5MB
-
MD5
677da4ccf4a11b658874f4999e0c485b
-
SHA1
2cbc97e3505938896316c100b8d924dcd4f974b0
-
SHA256
1bae4143f3279399dcc695bca38d3524488c54d9e60482d52c0b1a3c15c85ed6
-
SHA512
8e8fce3e1c11f707a8ac3c866bcd579bff836a48caded8ad7134195f2d28710a63193d17e79b163c6c0e923acc82474e0d7f35bb07b37ff41fce42415148ef1e
-
SSDEEP
49152:gWdazm0qXUgCJZRdZPVSdTjP9+k46kwDUBAXtIjD8+rv8fPv8ZSvYRq1K2LJFLyD:4V2xDh+Zv/B1E+rEf48YR6JvK
Score10/10-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-