General
-
Target
01a5564b07b078451e2f79255fc8aea7_JaffaCakes118
-
Size
1.2MB
-
Sample
240426-zqmmzsca73
-
MD5
01a5564b07b078451e2f79255fc8aea7
-
SHA1
a9aa517798657dbd549eac4cb838bfd6185ef852
-
SHA256
1944aa15e6db8e3b416928e5b07218e2a76f2bfc7dae93b569d7667a0d06c5ed
-
SHA512
a249dcd9283a42ec837896cfb89c1ae375a97739bfa01df525b2699e154b53b4c247d071fe8f6aeac7810eadaf3cca05303e196d03e021ae750e963102ced9c9
-
SSDEEP
12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11k2:OIbGD2JTu0GoZQDbGV6eH81k2
Behavioral task
behavioral1
Sample
01a5564b07b078451e2f79255fc8aea7_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
01a5564b07b078451e2f79255fc8aea7_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
Target
01a5564b07b078451e2f79255fc8aea7_JaffaCakes118
-
Size
1.2MB
-
MD5
01a5564b07b078451e2f79255fc8aea7
-
SHA1
a9aa517798657dbd549eac4cb838bfd6185ef852
-
SHA256
1944aa15e6db8e3b416928e5b07218e2a76f2bfc7dae93b569d7667a0d06c5ed
-
SHA512
a249dcd9283a42ec837896cfb89c1ae375a97739bfa01df525b2699e154b53b4c247d071fe8f6aeac7810eadaf3cca05303e196d03e021ae750e963102ced9c9
-
SSDEEP
12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11k2:OIbGD2JTu0GoZQDbGV6eH81k2
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat (also sold as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
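The three registry-based signatures above (Winlogon modification, Run key autostart, Explorer hidden-file visibility) each correspond to a write of a specific registry value. The Python below is an added example, not Triage's own signature logic, that classifies Sysmon-style registry SetValue records (Event ID 13 fields: Image, TargetObject, Details) against those three signatures. The event records, the process image path and the dropped-file name in them are constructed for the example, not telemetry from this sample.

```python
import re

# Registry values the three signatures watch, matched case-insensitively
# against a Sysmon-style TargetObject of the form hive\key\valuename.
WINLOGON_RE = re.compile(
    r"\\software\\microsoft\\windows nt\\currentversion\\winlogon\\(shell|userinit)$", re.I)
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$", re.I)
EXPLORER_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\explorer\\advanced\\(hidden|showsuperhidden)$", re.I)

# Stock Winlogon values; anything else means an extra helper was chained in.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,", r"c:\windows\system32\userinit.exe"},
}

SIG_WINLOGON = "Modifies WinLogon for persistence"
SIG_RUNKEY = "Adds Run key to start application"
SIG_EXPLORER = "Modifies visibility of hidden/system files in Explorer"


def _dword(details):
    """Sysmon renders REG_DWORD data as 'DWORD (0x00000002)'; return the int, or None."""
    m = re.fullmatch(r"DWORD \((0x[0-9a-fA-F]+)\)", details.strip())
    return int(m.group(1), 16) if m else None


def classify(event):
    """Return the signature names one SetValue event triggers (possibly none)."""
    target, details = event["TargetObject"], event["Details"]
    hits = []
    m = WINLOGON_RE.search(target)
    if m and details.strip().lower() not in WINLOGON_DEFAULTS[m.group(1).lower()]:
        hits.append(SIG_WINLOGON)
    if RUN_KEY_RE.search(target):
        hits.append(SIG_RUNKEY)
    m = EXPLORER_RE.search(target)
    if m:
        value, data = m.group(1).lower(), _dword(details)
        # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
        if (value == "hidden" and data == 2) or (value == "showsuperhidden" and data == 0):
            hits.append(SIG_EXPLORER)
    return hits


def scan(events):
    """Group triggering events by signature, recording the writing image and target."""
    report = {}
    for ev in events:
        for sig in classify(ev):
            report.setdefault(sig, []).append((ev["Image"], ev["TargetObject"]))
    return report


# Constructed path for the sample as a sandbox would stage it (assumption, not from the report).
SAMPLE_IMAGE = r"C:\Users\user\AppData\Local\Temp\01a5564b07b078451e2f79255fc8aea7_JaffaCakes118.exe"

# Constructed events in Sysmon Event ID 13 shape; not telemetry from this sample.
EVENTS = [
    {"Image": SAMPLE_IMAGE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": r"explorer.exe, C:\Users\user\AppData\Roaming\dropped.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",            # benign: rewrites the default
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    {"Image": SAMPLE_IMAGE,
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\user\AppData\Roaming\dropped.exe"},
    {"Image": SAMPLE_IMAGE,
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"Image": SAMPLE_IMAGE,
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden",
     "Details": "DWORD (0x00000000)"},
    {"Image": r"C:\Windows\explorer.exe",                    # benign: user turned hidden files on
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for sig, hits in scan(EVENTS).items():
        print(sig)
        for image, target in hits:
            print(f"  {image} -> {target}")
```

The Winlogon check compares against the stock Shell and Userinit values rather than flagging every write, since installers and the OS itself rewrite those values; the Run key check is deliberately unconditional because the signature is behavioural (any autostart entry), and a verdict still needs the writing image and the dropped file's reputation.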
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)