Extracted

• • Target

    fb015fe6c1551b024ee8fe4f18492a51_JaffaCakes118

  • Size

    3.5MB

  • MD5

    fb015fe6c1551b024ee8fe4f18492a51

  • SHA1

    936a94e1f68932e6dc0fdb1679be244cea02d433

  • SHA256

    c86afa2b7029bc231add8b0c749cfcfd4868112261c6d2a671a1de657ceef826

  • SHA512

    3776e5fca598a837222e8a305f122e8ed97106a617249396a7b74e5c5893c5afcc16b3dc14898cfd291b466ca231a6ed1457549310dc85af6966bfe49cb414bc

  • SSDEEP

    98304:FMhScWXHrOq3pE8vdcJJmxJEk5v1A1J7tA1u:/X1vdcqxX5v1A1J7tsu

  Score

  10^/10

  redlinesectoprat1761072566discoveryevasioninfostealerratthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2