General

  • Target

    d6980a32514855a1f68bb1bdaf010abd_JaffaCakes118

  • Size

    3.1MB

  • Sample

    240909-stw79sxemb

  • MD5

    d6980a32514855a1f68bb1bdaf010abd

  • SHA1

    70826589d2f642f1d06f42b99baf7e8b0aca1c21

  • SHA256

    e1d198c52fb030216dc159e73a57dff7ff6f4c8b816d720f1dba8744de1c58f4

  • SHA512

    e2626e39735f932b92f893f323f1094b96ee170605974e28e513230ad7a51df588fe43e49c3daa00960192e1730ca1126da35dd6f6ff00aad56ac812dfe84c20

  • SSDEEP

    49152:1oWVYsJNGnTLCiWZk/bsI8lUy3T3bLUTyl9Y7Pfj:GrBhh/iFDnUToU

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks