Extracted

• • Target

    JaffaCakes118_d13474856ef72e1dc3ce39cc8555cccf

  • Size

    4.7MB

  • MD5

    d13474856ef72e1dc3ce39cc8555cccf

  • SHA1

    b4fab03d9f6edbc2560fd78fd4a4be6a23d02b79

  • SHA256

    c8ddc6a1c8dc373fba28ff173ae3c4bd8bed34c1c29646f94fc7be35e45a7d09

  • SHA512

    cb321c28f3b914df3bdc08bd6ce22898ddc2e61e377fb992cf048c925107a30470ef355d52ce2e7035c5c85a228eb70efba73589be3d0bd8a1aa3fcdbc08442c

  • SSDEEP

    49152:B1CBbWUHgmpZ+RbkkPSvBNQ+XlrprFQN6HJVQ/BaLcYJJI3he86phSyKtinv:BYJXPpZ1PQK9rF9VsBqcUJI3hrkrginv

  Score

  10^/10

  redlinesectoprat20discoveryevasioninfostealerratthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2