General
Target: 01b8b28365a184b93bed7a91fe9e769e_JaffaCakes118
Size: 1.8MB
Sample: 240426-1jrh2acg34
MD5: 01b8b28365a184b93bed7a91fe9e769e
SHA1: 2d864f6b445617c4f390a769d2d1b382c8fb24e5
SHA256: 28107740b57e9f9996a6541a003757851be203e970e0d399c88568b48efbbce2
SHA512: 7e4783ee3d0a1facd48e15460e577c99d2aa84050d727c808a34abb5018f2104cbde7828af4af9389bac0ff90f7dc397030ff821d9b2f8e14a4169e15094b7b4
SSDEEP: 12288:t99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN/A7W2FeDSIGVH/KIDg4:X1gg4CppEI6GGfWDkCQDbGV6eH81kh
Behavioral task: behavioral1
Sample: 01b8b28365a184b93bed7a91fe9e769e_JaffaCakes118.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 01b8b28365a184b93bed7a91fe9e769e_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 01b8b28365a184b93bed7a91fe9e769e_JaffaCakes118 (size and hashes as listed under General)
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)