General
Target: 99a37fb57971e423b8090db6c736691c_JaffaCakes118
Size: 3.2MB
Sample: 241125-gpzxtasmbs
MD5: 99a37fb57971e423b8090db6c736691c
SHA1: 9c5b30be634fd708262335eadd8f2874517dbcfb
SHA256: 7dafa95c4dd46e16f5145d08a516906f68e20bb84cd6d8f83da2b0bb81f50856
SHA512: 0a360e6db95dfde5ea6e61945de60a43b2ea9a706e5c3e2ffb9aec585ebbbb6875e5f727a30c53c5abab7a54021383a716e00c5bb94da004c39ce89016270013
SSDEEP: 49152:CFM/vFNQMjvdwHWk6vkd1m8QvhVzF6r7S91ILe9sy4yO94sfX8C+j:CFMfQejk6vkd1m7vhVInXeqOsEC+
Behavioral task
behavioral1
Sample: 99a37fb57971e423b8090db6c736691c_JaffaCakes118.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: 99a37fb57971e423b8090db6c736691c_JaffaCakes118
SectopRAT payload
Sectoprat family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
Suspicious use of NtSetInformationThreadHideFromDebugger