General
-
Target
d6980a32514855a1f68bb1bdaf010abd_JaffaCakes118
-
Size
3.1MB
-
Sample
240909-stw79sxemb
-
MD5
d6980a32514855a1f68bb1bdaf010abd
-
SHA1
70826589d2f642f1d06f42b99baf7e8b0aca1c21
-
SHA256
e1d198c52fb030216dc159e73a57dff7ff6f4c8b816d720f1dba8744de1c58f4
-
SHA512
e2626e39735f932b92f893f323f1094b96ee170605974e28e513230ad7a51df588fe43e49c3daa00960192e1730ca1126da35dd6f6ff00aad56ac812dfe84c20
-
SSDEEP
49152:1oWVYsJNGnTLCiWZk/bsI8lUy3T3bLUTyl9Y7Pfj:GrBhh/iFDnUToU
Behavioral task
behavioral1
Sample
d6980a32514855a1f68bb1bdaf010abd_JaffaCakes118.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
d6980a32514855a1f68bb1bdaf010abd_JaffaCakes118
-
Size
3.1MB
-
MD5
d6980a32514855a1f68bb1bdaf010abd
-
SHA1
70826589d2f642f1d06f42b99baf7e8b0aca1c21
-
SHA256
e1d198c52fb030216dc159e73a57dff7ff6f4c8b816d720f1dba8744de1c58f4
-
SHA512
e2626e39735f932b92f893f323f1094b96ee170605974e28e513230ad7a51df588fe43e49c3daa00960192e1730ca1126da35dd6f6ff00aad56ac812dfe84c20
-
SSDEEP
49152:1oWVYsJNGnTLCiWZk/bsI8lUy3T3bLUTyl9Y7Pfj:GrBhh/iFDnUToU
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-