General

  • Target

    04493e41de45d994426eb26666c65a51_JaffaCakes118

  • Size

    4.4MB

  • Sample

    241001-ejh11atdlg

  • MD5

    04493e41de45d994426eb26666c65a51

  • SHA1

    cdbf270d92d5d5ef60adc5c6589cb9aa54de6685

  • SHA256

    108cad79cd5bd2a947c5b877a55b7d3a6a4ce579aae3f298c0618154c27eb3d4

  • SHA512

    857aff4b0d169d02a2c1921db8703f63b35ce49bb245aa3fd108926bc3c4bc0d329278e8cc9c9cd73fb99d48f1665b8eca0cabcdf870c8328693077b518d6af0

  • SSDEEP

    98304:uddEcgNvVz0d1O8pK80iMOYlNND7uipgAzLYE9r5rPR1Gt:IcPiK89MF37xeuLvDkt

Targets

    • Target

      04493e41de45d994426eb26666c65a51_JaffaCakes118

    • SectopRAT

      SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

      The sample carries a SectopRAT payload.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      Opens the HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__ keys that VirtualBox's firmware tables create; these keys do not exist on physical hardware.

    • Checks BIOS information in registry

      Reads values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System. BIOS information is often read in order to detect sandboxing environments, because hypervisor firmware strings (VBOX, VMware, QEMU) appear there.

    • Themida packer

      Detects Themida, an advanced Windows software protection system; packing with it hinders static analysis and unpacking.

    • Checks whether UAC is enabled

      Queries EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events to an attached debugger; a common anti-debugging trick.
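As an added example (not part of this report or of the sandbox's own signature engine), the following Python classifies constructed registry-access and native-API trace events into the anti-analysis signatures listed above. The event dictionaries, their field names and the sample trace are assumptions made up for the example; the registry keys it matches (the VirtualBox ACPI keys, the BIOS values under HARDWARE\DESCRIPTION\System, EnableLUA) are the usual targets of these checks, and 0x11 is the ThreadHideFromDebugger information class.

```python
"""Map sandbox trace events to the anti-VM / anti-debug signatures from the report.

Events are plain dicts of two kinds (assumed format, not a real sandbox schema):
  {"type": "registry", "op": ..., "path": ...}
  {"type": "api", "name": ..., "args": {...}}
"""
import re

# THREADINFOCLASS value for ThreadHideFromDebugger (17 decimal)
THREAD_HIDE_FROM_DEBUGGER = 0x11

# (signature name from the report, regex applied to the normalised registry path)
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^hklm\\hardware\\acpi\\(dsdt|fadt|rsdt)\\vbox__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^hklm\\hardware\\description\\system\\"
                r"(systembiosversion|videobiosversion|systembiosdate)$", re.I)),
    ("Checks whether UAC is enabled",
     re.compile(r"^hklm\\software\\microsoft\\windows\\currentversion\\"
                r"policies\\system\\enablelua$", re.I)),
]


def normalise_reg_path(path: str) -> str:
    """Fold the hive spellings seen in Procmon / NT-native traces to HKLM / HKCU."""
    p = path.strip().rstrip("\\")
    p = re.sub(r"^(\\REGISTRY\\MACHINE|HKEY_LOCAL_MACHINE)", "HKLM", p, flags=re.I)
    p = re.sub(r"^(\\REGISTRY\\USER\\[^\\]+|HKEY_CURRENT_USER)", "HKCU", p, flags=re.I)
    return p


def classify_event(event: dict) -> list[str]:
    """Return the signature names a single event triggers (possibly none)."""
    hits = []
    if event["type"] == "registry":
        path = normalise_reg_path(event["path"])
        for name, rx in REGISTRY_RULES:
            if rx.search(path):
                hits.append(name)
    elif event["type"] == "api" and event["name"] == "NtSetInformationThread":
        # Only the HideFromDebugger class is suspicious; priority/affinity changes are routine.
        if event.get("args", {}).get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


def classify_trace(events: list[dict]) -> dict[str, int]:
    """Count how many events in a trace hit each signature."""
    counts: dict[str, int] = {}
    for ev in events:
        for hit in classify_event(ev):
            counts[hit] = counts.get(hit, 0) + 1
    return counts


# Constructed sample trace (not from the analysed sample): a mix of the checks
# described in the report and two benign events that must not fire.
SAMPLE_EVENTS = [
    {"type": "registry", "op": "RegOpenKey",
     "path": r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "registry", "op": "RegOpenKey",
     "path": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\VBOX__"},
    {"type": "registry", "op": "RegQueryValue",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "registry", "op": "RegQueryValue",
     "path": r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion"},
    {"type": "registry", "op": "RegQueryValue",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"type": "registry", "op": "RegQueryValue",          # benign noise
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "api", "name": "NtSetInformationThread",
     "args": {"ThreadHandle": -2, "ThreadInformationClass": 0x11}},
    {"type": "api", "name": "NtSetInformationThread",     # ThreadPriority: benign
     "args": {"ThreadHandle": -2, "ThreadInformationClass": 0x2}},
]

if __name__ == "__main__":
    for name, n in sorted(classify_trace(SAMPLE_EVENTS).items()):
        print(f"{n:2d}  {name}")
```

The path normalisation matters in practice: the same key shows up as `\REGISTRY\MACHINE\...` in NT-native API traces and as `HKEY_LOCAL_MACHINE\...` or `HKLM\...` in Procmon-style output, and a rule written against only one spelling silently misses the others.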
