General
- Target: 2ef0cc6f0f8aa2534e103b829e270e1d_JaffaCakes118
- Size: 1.9MB
- Sample: 241009-lsehhazgrg
- MD5: 2ef0cc6f0f8aa2534e103b829e270e1d
- SHA1: c146681a98d585012791c2e9504caacba25becc9
- SHA256: 822c95f975773e71f49d3ed2c9afa87d6d27d245c7f5a4a9439278e27ee0ae64
- SHA512: 56efa1b2e849ad5d836034a3f7992edec6e24914a80a8a1a03b29953082a0e898bace35705a76ce6660188c3954370c0c63d105c3c51f03441aadb94d590ee4a
- SSDEEP: 49152:UehSFpgl8ZovDXNVBECKYLNDMBp6/FMe/MoNgd:Ue4FpglOo5KMDMBp6/FB/+
Behavioral task: behavioral1
- Sample: 2ef0cc6f0f8aa2534e103b829e270e1d_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: 2ef0cc6f0f8aa2534e103b829e270e1d_JaffaCakes118 (size and hashes as listed under General)
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger