General

  • Target

    d646a4ad7796c9552266f985119e8e86_JaffaCakes118

  • Size

    2.6MB

  • Sample

    241208-k35xrsyqhx

  • MD5

    d646a4ad7796c9552266f985119e8e86

  • SHA1

    8ecf0e9f9b58b51619d797a337226adb5f9e3e2a

  • SHA256

    f14048acf21fa22bab2972bbd7ddd187f43853795088b41f8ca126d52f2b9ff1

  • SHA512

    5249447eafa88858ef743619b10a383247f1d0b8947c3ac55d14850c02374c92aa138c80a87856574ccabccf1aa94ef3566f5f33315e8f8a229aad628780e175

  • SSDEEP

    49152:QyIjegleg3dc/UHHU54llsRGmubN7/qxk7Tp2m1EatoGSERbYSJ6VG+Rx26k:QRDcAGuHX3sX0ND7XEcXmDVGt

Malware Config

Targets

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks