General

  • Target

    JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100

  • Size

    4.7MB

  • Sample

    250106-22nqjatqdm

  • MD5

    3f9c0ab12cec709afd52d0a0099e8100

  • SHA1

    6e7d14169df2775f51aa8f78ffe5f085be3fab68

  • SHA256

    99957297e1795b4824d5f43ecdad3eba1bb0f22b631574a8ded1ca8b8c674672

  • SHA512

    e7f1dd28febc4e2d424c987088da0b4769e4dbfe915a826023ca64f73e159019564ac57f6508ddd6dd58a2f43548cbc347614b8ccea91292fdb988e43c6abe83

  • SSDEEP

    98304:IZuyo9KL3rXxA5o2V9Jg0gfh0hD4bi18GudhT:IuySKLTxA5oQJg0gfmhD4bi8jvT

Malware Config

Targets

    • Target

      JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100

    • Size

      4.7MB

    • MD5

      3f9c0ab12cec709afd52d0a0099e8100

    • SHA1

      6e7d14169df2775f51aa8f78ffe5f085be3fab68

    • SHA256

      99957297e1795b4824d5f43ecdad3eba1bb0f22b631574a8ded1ca8b8c674672

    • SHA512

      e7f1dd28febc4e2d424c987088da0b4769e4dbfe915a826023ca64f73e159019564ac57f6508ddd6dd58a2f43548cbc347614b8ccea91292fdb988e43c6abe83

    • SSDEEP

      98304:IZuyo9KL3rXxA5o2V9Jg0gfh0hD4bi18GudhT:IuySKLTxA5oQJg0gfmhD4bi8jvT

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks