General
-
Target
d476042fc61b19fdc54f4ea5c323cdbf_JaffaCakes118
-
Size
4.5MB
-
Sample
240908-qm4bwsyaqm
-
MD5
d476042fc61b19fdc54f4ea5c323cdbf
-
SHA1
2ac7f0b2edec526175a6d18d184dc888c2cc362b
-
SHA256
a0ee37b8a40c08fd321acb32e215de5a5d11195cbd305bca88044b2e242c4cd1
-
SHA512
2888e2a59fe8cb588621fab1af39b8f46ae3545f6369920e364a3c8ce818a7293cee445e6e4991e13fb91d3413eaa7a0d150a6515b4d8b1513dc2357749968e3
-
SSDEEP
98304:b00qWSHkqn5iezIoK4CtYCi8hmeKA0KrDOeNpMcCoS99mfFMYu:6HOeznUtYv8hmvHanxzy9mfFx
Behavioral task
behavioral1
Sample
d476042fc61b19fdc54f4ea5c323cdbf_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
d476042fc61b19fdc54f4ea5c323cdbf_JaffaCakes118
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-