General
Target: 3b5f01b269c47aaf984c0827e433e800_JaffaCakes118
Size: 2.3MB
Sample: 241012-wnzb8atcrc
MD5: 3b5f01b269c47aaf984c0827e433e800
SHA1: 5e068802d9d21de8d384aa33b01e39cb189ac69d
SHA256: 25c212b01aed427cbe5c5e0f06e5edd0188f881551347aa20804b3da88da2af2
SHA512: 6396f210f9a5f8a2342598e203f1ee1d312478ed1f64e9141bd78296b9ecd2302da13887aac5a5e969b1728239a99987f3233ac7e32e79c002981019b7a687dd
SSDEEP: 49152:x/S5HCUUiB0cYZ/cyYDU811C9DIBadKxducFFba6ybx8N:x/4NVYZ/Vo1UFmrxducH+6m8N
Behavioral task
behavioral1
Sample: 3b5f01b269c47aaf984c0827e433e800_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Targets
Target: 3b5f01b269c47aaf984c0827e433e800_JaffaCakes118
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger