General
-
Target
JaffaCakes118_a7940ae06093e34ee0df817c8e2812b5
-
Size
3.1MB
-
Sample
250108-x33hvszmas
-
MD5
a7940ae06093e34ee0df817c8e2812b5
-
SHA1
de1bd723226d6710fa89eb58498a4780cb90f9e2
-
SHA256
6c0092d6659a16980d2a231b692ffad9d0f09b4a5888f8fdd8443aa104d7a584
-
SHA512
fa4640c0874cf423a2eeab26497575175c50a62e6eb2bc65327eca4036f97ab509d41304563a59674b482138bc21ceab3b8534bf583e7eedf56335ab985a8c05
-
SSDEEP
98304:DkUk5Eg2SFj0PA35wbKPWdK748QOKRg6QZDCFByDU:DW5P2SFVSG1E8QOK+6QZDFU
Malware Config
Targets
-
-
Target
JaffaCakes118_a7940ae06093e34ee0df817c8e2812b5
-
Size
3.1MB
-
MD5
a7940ae06093e34ee0df817c8e2812b5
-
SHA1
de1bd723226d6710fa89eb58498a4780cb90f9e2
-
SHA256
6c0092d6659a16980d2a231b692ffad9d0f09b4a5888f8fdd8443aa104d7a584
-
SHA512
fa4640c0874cf423a2eeab26497575175c50a62e6eb2bc65327eca4036f97ab509d41304563a59674b482138bc21ceab3b8534bf583e7eedf56335ab985a8c05
-
SSDEEP
98304:DkUk5Eg2SFj0PA35wbKPWdK748QOKRg6QZDCFByDU:DW5P2SFVSG1E8QOK+6QZDFU
Score10/10-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Sectoprat family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-