General
Target: d646a4ad7796c9552266f985119e8e86_JaffaCakes118
Size: 2.6MB
Sample: 241208-k35xrsyqhx
MD5: d646a4ad7796c9552266f985119e8e86
SHA1: 8ecf0e9f9b58b51619d797a337226adb5f9e3e2a
SHA256: f14048acf21fa22bab2972bbd7ddd187f43853795088b41f8ca126d52f2b9ff1
SHA512: 5249447eafa88858ef743619b10a383247f1d0b8947c3ac55d14850c02374c92aa138c80a87856574ccabccf1aa94ef3566f5f33315e8f8a229aad628780e175
SSDEEP: 49152:QyIjegleg3dc/UHHU54llsRGmubN7/qxk7Tp2m1EatoGSERbYSJ6VG+Rx26k:QRDcAGuHX3sX0ND7XEcXmDVGt
Behavioral task
behavioral1
Sample: d646a4ad7796c9552266f985119e8e86_JaffaCakes118.exe
Resource: win7-20241023-en
Malware Config
Targets
Target: d646a4ad7796c9552266f985119e8e86_JaffaCakes118 (2.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- SectopRAT payload
- Sectoprat family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger