General

  • Target

    d476042fc61b19fdc54f4ea5c323cdbf_JaffaCakes118

  • Size

    4.5MB

  • Sample

    240908-qm4bwsyaqm

  • MD5

    d476042fc61b19fdc54f4ea5c323cdbf

  • SHA1

    2ac7f0b2edec526175a6d18d184dc888c2cc362b

  • SHA256

    a0ee37b8a40c08fd321acb32e215de5a5d11195cbd305bca88044b2e242c4cd1

  • SHA512

    2888e2a59fe8cb588621fab1af39b8f46ae3545f6369920e364a3c8ce818a7293cee445e6e4991e13fb91d3413eaa7a0d150a6515b4d8b1513dc2357749968e3

  • SSDEEP

    98304:b00qWSHkqn5iezIoK4CtYCi8hmeKA0KrDOeNpMcCoS99mfFMYu:6HOeznUtYv8hmvHanxzy9mfFx

Malware Config

Targets

    • Target

      d476042fc61b19fdc54f4ea5c323cdbf_JaffaCakes118

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks