General

  • Target

    02505e7453e8583d871cab6f65b33d48_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240427-d1qazaaa64

  • MD5

    02505e7453e8583d871cab6f65b33d48

  • SHA1

    cd8ef0edf6b31e5c8b93e81860eee2c941f5b356

  • SHA256

    42a6cee4703b642062efaa4d325e89f1902ffd618abbcb5c9e80a3edcb5ca0a5

  • SHA512

    64531f8444dbbe6cad7aa463ce98492f909c30ce6509b01b8b8e9055f9a863cb30e11fc1dc295bf1eec9e99a3a196255a29320cf06d1f4b06a04ce2ac52bc38b

  • SSDEEP

    12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kD:OIbGD2JTu0GoZQDbGV6eH81kD

Malware Config

Targets

    • Target

      02505e7453e8583d871cab6f65b33d48_JaffaCakes118

    • Size

      1.2MB

    • MD5

      02505e7453e8583d871cab6f65b33d48

    • SHA1

      cd8ef0edf6b31e5c8b93e81860eee2c941f5b356

    • SHA256

      42a6cee4703b642062efaa4d325e89f1902ffd618abbcb5c9e80a3edcb5ca0a5

    • SHA512

      64531f8444dbbe6cad7aa463ce98492f909c30ce6509b01b8b8e9055f9a863cb30e11fc1dc295bf1eec9e99a3a196255a29320cf06d1f4b06a04ce2ac52bc38b

    • SSDEEP

      12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kD:OIbGD2JTu0GoZQDbGV6eH81kD

    • Modifies WinLogon for persistence

    • Modifies visiblity of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks