General
-
Target
01db2c2d196623ee4deffdebaef9f47f_JaffaCakes118
-
Size
1.8MB
-
Sample
240426-2xw64sdh25
-
MD5
01db2c2d196623ee4deffdebaef9f47f
-
SHA1
29acbb5fed29e3d4abae7144e9eb25052130ce00
-
SHA256
ed6058faa8763e9194c2b72146ae173e1c4134073b19d81d80e2ce5bd463a095
-
SHA512
b8f874f184c4c201946e56916ca97178ff45e864fb417e0430867996d06053925e35f579ee03977c360b39396435eed1a81f2ac232451fbaac100c86a235c9fe
-
SSDEEP
12288:t99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN/A7W2FeDSIGVH/KIDgz:X1gg4CppEI6GGfWDkCQDbGV6eH81k0
Malware Config
Targets
-
-
Target
01db2c2d196623ee4deffdebaef9f47f_JaffaCakes118
-
Size
1.8MB
-
MD5
01db2c2d196623ee4deffdebaef9f47f
-
SHA1
29acbb5fed29e3d4abae7144e9eb25052130ce00
-
SHA256
ed6058faa8763e9194c2b72146ae173e1c4134073b19d81d80e2ce5bd463a095
-
SHA512
b8f874f184c4c201946e56916ca97178ff45e864fb417e0430867996d06053925e35f579ee03977c360b39396435eed1a81f2ac232451fbaac100c86a235c9fe
-
SSDEEP
12288:t99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSGN/A7W2FeDSIGVH/KIDgz:X1gg4CppEI6GGfWDkCQDbGV6eH81k0
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1