General
-
Target
f9a46a5c0e32055b7b2dd38f119475b2_JaffaCakes118
-
Size
2.9MB
-
Sample
240927-d8bgsatdlp
-
MD5
f9a46a5c0e32055b7b2dd38f119475b2
-
SHA1
1dc40732bce0be729759be74acc56f7ddd03ccc6
-
SHA256
232fc37db0db4254eab5c15f800864855b80a80606b0540467fc9f28b80bfd9d
-
SHA512
b7d9dec599f225fe1d7b8649a5dc28ea9918c13e0db9a65a3e83a63a118fe73db31dc735e2862fa07420ba58508c7d352ab4c6101a1403099317ce9192d6a5d4
-
SSDEEP
49152:wPH1b1ZVcKJ7lmdjx5nyYT6e5nU06PqKPQ8+o/F6wu4Y6ZBU5QgI2:w9XZKwYGqn16PqK62FZ3FgI
Behavioral task
behavioral1
Sample
f9a46a5c0e32055b7b2dd38f119475b2_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-