General
-
Target
JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100
-
Size
4.7MB
-
Sample
250106-22nqjatqdm
-
MD5
3f9c0ab12cec709afd52d0a0099e8100
-
SHA1
6e7d14169df2775f51aa8f78ffe5f085be3fab68
-
SHA256
99957297e1795b4824d5f43ecdad3eba1bb0f22b631574a8ded1ca8b8c674672
-
SHA512
e7f1dd28febc4e2d424c987088da0b4769e4dbfe915a826023ca64f73e159019564ac57f6508ddd6dd58a2f43548cbc347614b8ccea91292fdb988e43c6abe83
-
SSDEEP
98304:IZuyo9KL3rXxA5o2V9Jg0gfh0hD4bi18GudhT:IuySKLTxA5oQJg0gfmhD4bi8jvT
Behavioral task
behavioral1
Sample
JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100.exe
Resource
win7-20241023-en
Malware Config
Targets
-
-
Target
JaffaCakes118_3f9c0ab12cec709afd52d0a0099e8100
-
SectopRAT payload
-
Sectoprat family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-