General
Target: 2f18ef350a8a6184ce1b48215680a52a_JaffaCakes118
Size: 5.4MB
Sample: 241009-ly9wlaxbjj
MD5: 2f18ef350a8a6184ce1b48215680a52a
SHA1: 1bae71951015909cf80f67db44e662b648b0e5bc
SHA256: 9afc2bea05a336a32384f8aa6efc0819593d6756a0cf05fcd0d6ff9ccbf36736
SHA512: ead502fbae11708f77dfe1f5ccdbe7e847c6e6f992f4016ff7a65372f59cc300d4903a0dd1d507780683ff9e8238e1ff910c221d6c71a9911496089a11b7f291
SSDEEP: 98304:GKII73xiE5Y+IWAacMtdNsYIRUt+SuRKFu+pWLR8U0Cv4MOR5Ko3DoSAgEL:TzxiD+IWApMtdpVV2gYLRP0CwzXKrSN0
Behavioral task
behavioral1
Sample: 2f18ef350a8a6184ce1b48215680a52a_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Targets
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger