General

  • Target

    3b5f01b269c47aaf984c0827e433e800_JaffaCakes118

  • Size

    2.3MB

  • Sample

    241012-wnzb8atcrc

  • MD5

    3b5f01b269c47aaf984c0827e433e800

  • SHA1

    5e068802d9d21de8d384aa33b01e39cb189ac69d

  • SHA256

    25c212b01aed427cbe5c5e0f06e5edd0188f881551347aa20804b3da88da2af2

  • SHA512

    6396f210f9a5f8a2342598e203f1ee1d312478ed1f64e9141bd78296b9ecd2302da13887aac5a5e969b1728239a99987f3233ac7e32e79c002981019b7a687dd

  • SSDEEP

    49152:x/S5HCUUiB0cYZ/cyYDU811C9DIBadKxducFFba6ybx8N:x/4NVYZ/Vo1UFmrxducH+6m8N

Malware Config

Targets

    • Target

      3b5f01b269c47aaf984c0827e433e800_JaffaCakes118

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks