General
Target: 04493e41de45d994426eb26666c65a51_JaffaCakes118
Size: 4.4MB
Sample: 241001-ejh11atdlg
MD5: 04493e41de45d994426eb26666c65a51
SHA1: cdbf270d92d5d5ef60adc5c6589cb9aa54de6685
SHA256: 108cad79cd5bd2a947c5b877a55b7d3a6a4ce579aae3f298c0618154c27eb3d4
SHA512: 857aff4b0d169d02a2c1921db8703f63b35ce49bb245aa3fd108926bc3c4bc0d329278e8cc9c9cd73fb99d48f1665b8eca0cabcdf870c8328693077b518d6af0
SSDEEP: 98304:uddEcgNvVz0d1O8pK80iMOYlNND7uipgAzLYE9r5rPR1Gt:IcPiK89MF37xeuLvDkt
Behavioral task: behavioral1
Sample: 04493e41de45d994426eb26666c65a51_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config

Targets
Target: 04493e41de45d994426eb26666c65a51_JaffaCakes118
Size: 4.4MB
SectopRAT payload
The sample carries a payload matched by the SectopRAT (also tracked as ArechClient2) family signature.

Identifies VirtualBox via ACPI registry values (likely anti-VM)
On a VirtualBox guest the ACPI tables Windows exposes under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT) are filed under the OEM ID VBOX__. Enumerating those keys is a cheap way for a sample to recognise a sandbox built on VirtualBox and change behaviour or exit before the payload runs.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments. The usual values are SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System, and SystemManufacturer/SystemProductName under HKLM\HARDWARE\DESCRIPTION\System\BIOS; they are populated from the firmware the hypervisor emulates and contain strings such as VBOX, VMware or BOCHS unless the hypervisor's SMBIOS data has been customised.
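To see exactly what the two registry checks above would return on an analysis guest, the following PowerShell script enumerates the same locations and reports any hypervisor indicators. It is an added example for this report, not code from the sample or from the sandbox; the registry paths are standard Windows locations, while the indicator strings in the default pattern list (VBOX, VMWARE, QEMU, BOCHS, XEN, INNOTEK) are an assumption based on common hypervisor defaults and should be extended for your own lab.

```powershell
# Added example: enumerate the registry locations a VM-aware sample reads and report
# VirtualBox/hypervisor indicators. Run inside the analysis guest; read-only.

function Get-AcpiOemIds {
    # Each ACPI table type is a key whose subkeys are named after the table's OEM ID.
    # On a stock VirtualBox guest that subkey is "VBOX__".
    foreach ($table in 'DSDT', 'FADT', 'RSDT') {
        $path = "HKLM:\HARDWARE\ACPI\$table"
        if (Test-Path $path) {
            Get-ChildItem -Path $path | ForEach-Object {
                [pscustomobject]@{ Table = $table; OemId = $_.PSChildName }
            }
        }
    }
}

function Get-BiosStrings {
    # SystemBiosVersion/VideoBiosVersion are REG_MULTI_SZ, the BIOS\* values are REG_SZ;
    # all are filled from the SMBIOS data the hypervisor's firmware presents.
    $sys  = 'HKLM:\HARDWARE\DESCRIPTION\System'
    $bios = 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'
    $out = @{}
    foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion') {
        $out[$name] = (Get-ItemProperty -Path $sys -Name $name -ErrorAction SilentlyContinue).$name -join ' '
    }
    foreach ($name in 'SystemManufacturer', 'SystemProductName') {
        $out[$name] = (Get-ItemProperty -Path $bios -Name $name -ErrorAction SilentlyContinue).$name
    }
    $out
}

function Test-VmIndicators {
    # $Patterns is an assumed list of common hypervisor markers; extend it for your lab.
    param([string[]]$Patterns = @('VBOX', 'VIRTUALBOX', 'VMWARE', 'QEMU', 'BOCHS', 'XEN', 'INNOTEK'))
    $hits = @()
    foreach ($id in Get-AcpiOemIds) {
        if ($Patterns | Where-Object { $id.OemId.ToUpper() -like "*$_*" }) {
            $hits += "ACPI\$($id.Table) OEM ID = $($id.OemId)"
        }
    }
    $bios = Get-BiosStrings
    foreach ($k in $bios.Keys) {
        $v = [string]$bios[$k]
        if ($v -and ($Patterns | Where-Object { $v.ToUpper() -like "*$_*" })) {
            $hits += "$k = $v"
        }
    }
    $hits
}

$findings = Test-VmIndicators
if ($findings) {
    "VM indicators visible to the sample:"
    $findings | ForEach-Object { "  $_" }
} else {
    "No hypervisor indicators found in the inspected keys."
}
```

Every line this script prints is a string the sample could read with the same cheap registry calls, so an empty result is the minimum bar for a guest meant to run VM-aware samples to completion; renaming the OEM ID and SMBIOS strings is done on the hypervisor side, not in the guest.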
Suspicious use of NtSetInformationThreadHideFromDebugger
The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11). A thread flagged this way no longer delivers debug events (exceptions, breakpoints, single-step traps) to an attached debugger: a breakpoint hit on it is reported to the process itself instead and usually crashes it. The flag cannot be cleared once set and is widely used as an anti-debugging measure, so anti-anti-debug tooling typically hooks this call.
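The following PowerShell script reproduces the call on the current thread and reads the flag back, which is how an analyst can confirm what the technique does without a debugger attached. It is an added example for this report, not code from the sample; the P/Invoke wrapper class NtThread is an arbitrary name chosen here, and the constant 0x11 for ThreadHideFromDebugger and the one-byte BOOLEAN query result come from public documentation of the native API.

```powershell
# Added example: set and read back ThreadHideFromDebugger on the calling thread via ntdll.
# NtSetInformationThread takes no buffer for this class (NULL, length 0);
# NtQueryInformationThread returns a single BOOLEAN and requires length exactly 1.
$ntdll = @'
using System;
using System.Runtime.InteropServices;
public static class NtThread {
    [DllImport("ntdll.dll")]
    public static extern int NtSetInformationThread(IntPtr thread, int infoClass, IntPtr info, int infoLength);
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationThread(IntPtr thread, int infoClass, out byte info, int infoLength, IntPtr returnLength);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentThread();
}
'@
Add-Type -TypeDefinition $ntdll

$ThreadHideFromDebugger = 0x11   # THREADINFOCLASS value used by the sample

function Get-HiddenFromDebugger {
    # Returns $true when the calling thread already carries the flag.
    $flag = [byte]0
    $status = [NtThread]::NtQueryInformationThread([NtThread]::GetCurrentThread(),
                                                   $ThreadHideFromDebugger, [ref]$flag, 1, [IntPtr]::Zero)
    if ($status -ne 0) { throw ("NtQueryInformationThread failed: 0x{0:X8}" -f $status) }
    return ($flag -ne 0)
}

function Set-HiddenFromDebugger {
    # Mirrors the sample's call. After this, an attached debugger receives no further
    # exception or breakpoint events from this thread, and the flag cannot be cleared.
    $status = [NtThread]::NtSetInformationThread([NtThread]::GetCurrentThread(),
                                                 $ThreadHideFromDebugger, [IntPtr]::Zero, 0)
    if ($status -ne 0) { throw ("NtSetInformationThread failed: 0x{0:X8}" -f $status) }
}

"Before: hidden from debugger = $(Get-HiddenFromDebugger)"
Set-HiddenFromDebugger
"After:  hidden from debugger = $(Get-HiddenFromDebugger)"
```

Run it in a throwaway session: the pseudo-handle from GetCurrentThread is accepted by both calls, and because the flag is permanent, the PowerShell thread that executed the script stays hidden from any debugger attached afterwards. The read-back is also the check a sample can use to detect a hooked NtSetInformationThread, since a hook that swallows the call leaves the query returning 0.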