General

  • Target

    335efdeb5b3c70ccfb6aeef0e2aa3257_JaffaCakes118

  • Size

    2.0MB

  • Sample

    241011-fthnnawhnc

  • MD5

    335efdeb5b3c70ccfb6aeef0e2aa3257

  • SHA1

    092a7cc2952c67049a53d76fd85d20dc638a48db

  • SHA256

    78720eb7eadb4b44f4a48abd761ec64d7cb3f14dddc8ddcc910d178faf0d4d57

  • SHA512

    9c1ca1e0137bc6646b42e218c925275574cfd98c45089f95b0b654416993d2a9b710cc5dbdcafc88e332c60ea54c62c2cc5db9c2ba9531866482042263552bd0

  • SSDEEP

    49152:YjU+fLME1rhngX7wn87pQ2c54v3/hXuPt+uqZiF8:YjzfLjrhgX7w8l7c4v3/hC+uQiF8

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of NtSetInformationThreadHideFromDebugger
