General

  • Target

    01b8b28365a184b93bed7a91fe9e769e_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240426-1jrh2acg34

  • MD5

    01b8b28365a184b93bed7a91fe9e769e

  • SHA1

    2d864f6b445617c4f390a769d2d1b382c8fb24e5

  • SHA256

    28107740b57e9f9996a6541a003757851be203e970e0d399c88568b48efbbce2

  • SHA512

    7e4783ee3d0a1facd48e15460e577c99d2aa84050d727c808a34abb5018f2104cbde7828af4af9389bac0ff90f7dc397030ff821d9b2f8e14a4169e15094b7b4

  • SSDEEP

    12288:t99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN/A7W2FeDSIGVH/KIDg4:X1gg4CppEI6GGfWDkCQDbGV6eH81kh

Malware Config

Targets

    • Target

      01b8b28365a184b93bed7a91fe9e769e_JaffaCakes118

    • Size

      1.8MB

    • MD5

      01b8b28365a184b93bed7a91fe9e769e

    • SHA1

      2d864f6b445617c4f390a769d2d1b382c8fb24e5

    • SHA256

      28107740b57e9f9996a6541a003757851be203e970e0d399c88568b48efbbce2

    • SHA512

      7e4783ee3d0a1facd48e15460e577c99d2aa84050d727c808a34abb5018f2104cbde7828af4af9389bac0ff90f7dc397030ff821d9b2f8e14a4169e15094b7b4

    • SSDEEP

      12288:t99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN/A7W2FeDSIGVH/KIDg4:X1gg4CppEI6GGfWDkCQDbGV6eH81kh

    • Modifies WinLogon for persistence

    • Modifies visiblity of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks