General

  • Target

    0142469ef9dc0b4c88121ecc7255b497_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240426-vrhyzagc69

  • MD5

    0142469ef9dc0b4c88121ecc7255b497

  • SHA1

    7703e8fa7d78c39dc07875260fee99b617de1b58

  • SHA256

    9234c440ea294d92442df70b94b5e12889b4afe47671b73da9407e853210f8a6

  • SHA512

    bc5b223ed622cb7979c7166be1d7bbbd1bdf9c8292a51451ce32a695030d4b15527dace2b910fe0aca5cc4a704730bbcd82dccea10e7fc24d1cd8245565d810e

  • SSDEEP

    12288:GIbsBDU0I6+Tu0TJ0N1oYgeOF5A7W2FeDSIGVH/KIDgDgUeHbY1tkc:GIbGD2JTu0GoWQDbGV6eH8tkc

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks