General

  • Target

    f9a46a5c0e32055b7b2dd38f119475b2_JaffaCakes118

  • Size

    2.9MB

  • Sample

    240927-d8bgsatdlp

  • MD5

    f9a46a5c0e32055b7b2dd38f119475b2

  • SHA1

    1dc40732bce0be729759be74acc56f7ddd03ccc6

  • SHA256

    232fc37db0db4254eab5c15f800864855b80a80606b0540467fc9f28b80bfd9d

  • SHA512

    b7d9dec599f225fe1d7b8649a5dc28ea9918c13e0db9a65a3e83a63a118fe73db31dc735e2862fa07420ba58508c7d352ab4c6101a1403099317ce9192d6a5d4

  • SSDEEP

    49152:wPH1b1ZVcKJ7lmdjx5nyYT6e5nU06PqKPQ8+o/F6wu4Y6ZBU5QgI2:w9XZKwYGqn16PqK62FZ3FgI

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks