General
Target: 02505e7453e8583d871cab6f65b33d48_JaffaCakes118
Size: 1.2MB
Sample: 240427-d1qazaaa64
MD5: 02505e7453e8583d871cab6f65b33d48
SHA1: cd8ef0edf6b31e5c8b93e81860eee2c941f5b356
SHA256: 42a6cee4703b642062efaa4d325e89f1902ffd618abbcb5c9e80a3edcb5ca0a5
SHA512: 64531f8444dbbe6cad7aa463ce98492f909c30ce6509b01b8b8e9055f9a863cb30e11fc1dc295bf1eec9e99a3a196255a29320cf06d1f4b06a04ce2ac52bc38b
SSDEEP: 12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kD:OIbGD2JTu0GoZQDbGV6eH81kD
Behavioral task: behavioral1
Sample: 02505e7453e8583d871cab6f65b33d48_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 02505e7453e8583d871cab6f65b33d48_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 02505e7453e8583d871cab6f65b33d48_JaffaCakes118
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)