General
Target: f209eba907a51025f1e60e14dac912b9_JaffaCakes118
Size: 2.5MB
Sample: 241215-dtqyxssmdv
MD5: f209eba907a51025f1e60e14dac912b9
SHA1: dd893b9807623a3ec3c74f921f1003e0853ab8ce
SHA256: 12505bb6e3c63202f22db1d60afd4a0a386ddff8807bf0d1f8583ba57f6413ba
SHA512: 7048c2710f8a28a6222469a684a7061f47f956eb5208776161c0ff36467b14eddea45520ba4dc0478f0dd5d0470914a843735b81a703e97de59d78bf1fb2d15e
SSDEEP: 49152:MrQjrFqvDtFTlUkYlhI/FSNpv7/d6gqtaujFwaEsM0KuVXiiku9dw:OrtFTlohIYv7F6gqtNjF1PRVv9dw
Behavioral task
Task: behavioral1
Sample: f209eba907a51025f1e60e14dac912b9_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: f209eba907a51025f1e60e14dac912b9_JaffaCakes118 (size and hashes identical to the General section above)
- SectopRAT payload
- Sectoprat family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger