General

  • Target

    2f18ef350a8a6184ce1b48215680a52a_JaffaCakes118

  • Size

    5.4MB

  • Sample

    241009-ly9wlaxbjj

  • MD5

    2f18ef350a8a6184ce1b48215680a52a

  • SHA1

    1bae71951015909cf80f67db44e662b648b0e5bc

  • SHA256

    9afc2bea05a336a32384f8aa6efc0819593d6756a0cf05fcd0d6ff9ccbf36736

  • SHA512

    ead502fbae11708f77dfe1f5ccdbe7e847c6e6f992f4016ff7a65372f59cc300d4903a0dd1d507780683ff9e8238e1ff910c221d6c71a9911496089a11b7f291

  • SSDEEP

    98304:GKII73xiE5Y+IWAacMtdNsYIRUt+SuRKFu+pWLR8U0Cv4MOR5Ko3DoSAgEL:TzxiD+IWApMtdpVV2gYLRP0CwzXKrSN0

Malware Config

Targets

    • Target

      2f18ef350a8a6184ce1b48215680a52a_JaffaCakes118

    • Size

      5.4MB

    • MD5

      2f18ef350a8a6184ce1b48215680a52a

    • SHA1

      1bae71951015909cf80f67db44e662b648b0e5bc

    • SHA256

      9afc2bea05a336a32384f8aa6efc0819593d6756a0cf05fcd0d6ff9ccbf36736

    • SHA512

      ead502fbae11708f77dfe1f5ccdbe7e847c6e6f992f4016ff7a65372f59cc300d4903a0dd1d507780683ff9e8238e1ff910c221d6c71a9911496089a11b7f291

    • SSDEEP

      98304:GKII73xiE5Y+IWAacMtdNsYIRUt+SuRKFu+pWLR8U0Cv4MOR5Ko3DoSAgEL:TzxiD+IWApMtdpVV2gYLRP0CwzXKrSN0

    • SectopRAT

      SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      The subkeys under HKLM\HARDWARE\ACPI\DSDT, \FADT and \RSDT are named after the firmware OEM ID; on a VirtualBox guest that ID is VBOX__, so enumerating these keys is a cheap hypervisor check.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments: the values under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) and its BIOS subkey (SystemManufacturer, SystemProductName) carry vendor strings that reveal VirtualBox, VMware, QEMU or Hyper-V.

    • Themida packer

      Detects Themida, an advanced Windows software protection system. The packed payload only exists decrypted in memory, so static analysis needs an unpacked dump; note also that Themida ships its own anti-debug and anti-VM checks, so some of the evasion signatures below may belong to the packer rather than to the RAT itself.

    • Checks whether UAC is enabled

      Reads EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; a value of 0 means UAC is off and a later elevation needs no bypass.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class (0x11), which stops the kernel from delivering that thread's debug events to an attached debugger; breakpoints in the hidden thread then terminate the process instead of breaking, a classic anti-debugging move.
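The three registry-based signatures above (VirtualBox ACPI keys, BIOS strings, UAC state) all reduce to reads of a handful of well-known HKLM paths. The script below is an added example, not part of this report or of Triage's signature engine: it runs the same checks over a sandbox-style registry trace and tags each process. The tab-separated log format, the rule names and the sample lines are this example's own constructions; the registry paths are the real Windows locations.

```python
import re
from collections import defaultdict

# Registry locations that sandbox-evasion code routinely reads. Rule names and
# the log format are this example's own; the key paths are real Windows ones.
# Each rule: (tag, key regex, value-name regex or None when any read counts).
RULES = (
    # ACPI table subkeys carry the firmware OEM ID (VBOX__ on VirtualBox).
    ("vbox_acpi",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)(\\|$)", re.I),
     None),
    # BIOS / system vendor strings under HARDWARE\DESCRIPTION\System[\BIOS].
    ("bios_info",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I),
     re.compile(r"^(SystemBiosVersion|VideoBiosVersion|SystemManufacturer|"
                r"SystemProductName|BIOSVendor|BIOSVersion)$", re.I)),
    # EnableLUA == 0 means UAC is switched off.
    ("uac_enabled",
     re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I),
     re.compile(r"^EnableLUA$", re.I)),
)

# OEM ID a VirtualBox guest exposes in its ACPI key names.
VBOX_MARKER = re.compile(r"VBOX", re.I)

# Constructed trace format: pid <TAB> operation <TAB> key [<TAB> value name]
LINE_RE = re.compile(r"^(?P<pid>\d+)\t(?P<op>\w+)\t(?P<key>[^\t]+)(?:\t(?P<value>[^\t]*))?$")


def parse_line(line):
    """Return (pid, op, key, value_name) or None for a malformed line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return int(m["pid"]), m["op"], m["key"], m["value"] or ""


def tag_event(key, value):
    """Tags triggered by a single registry read."""
    tags = set()
    for name, key_re, value_re in RULES:
        if not key_re.match(key):
            continue
        if value_re is not None and not value_re.match(value):
            continue
        tags.add(name)
    # A read that touches the VBOX__ OEM key is a stronger hit than a bare
    # enumeration of the ACPI table keys.
    if "vbox_acpi" in tags and VBOX_MARKER.search(key):
        tags.add("vbox_acpi_marker")
    return tags


def classify(lines):
    """Map pid -> sorted list of tags accumulated over the whole trace."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed lines rather than abort the run
        pid, _, key, value = ev
        hits[pid] |= tag_event(key, value)
    return {pid: sorted(t) for pid, t in hits.items()}


def summarize(tags_by_pid):
    """Collapse tags into the two behaviours an analyst cares about."""
    return {
        pid: {
            "anti_vm": bool({"vbox_acpi", "bios_info"} & set(tags)),
            "uac_recon": "uac_enabled" in tags,
        }
        for pid, tags in tags_by_pid.items()
    }


# Constructed sample trace: pid 4120 behaves like the sample described above,
# pid 2208 performs an unrelated, benign read.
SAMPLE_LOG = """\
4120\tRegOpenKey\tHKLM\\HARDWARE\\ACPI\\DSDT
4120\tRegEnumKey\tHKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
4120\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\tSystemBiosVersion
4120\tRegQueryValue\tHKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\tSystemManufacturer
4120\tRegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\tEnableLUA
2208\tRegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\tOneDrive
"""

if __name__ == "__main__":
    tags = classify(SAMPLE_LOG.splitlines())
    for pid, verdict in summarize(tags).items():
        print(pid, verdict, tags[pid])
```

The same rules map directly onto Sysmon Event ID 13 (RegistryEvent, value set) and Procmon RegQueryValue/RegEnumKey rows once the key and value-name fields are extracted; only the parser changes. Because Themida itself performs hypervisor checks, a hit on the ACPI or BIOS rules in a packed sample says "evasive binary", not necessarily "evasive payload".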

MITRE ATT&CK Enterprise v15

Tasks