General
- Target: 02f5590ee8b795b44180a81b4bbbd2f1_JaffaCakes118
- Size: 2.9MB
- Sample: 240427-lnktqage4y
- MD5: 02f5590ee8b795b44180a81b4bbbd2f1
- SHA1: beb95708a8fe56663e1bf3ab788b031f0b4c1613
- SHA256: 667ea3c2938067fd8020de96e7843b5aa60651d3331af0f45f60fa877a00a439
- SHA512: 4edb0c13c443863fc53ef0cee24cece6c7bc46f75dc02db241bd1068009c1e22b4b5ca806c1cdba3c771f9bd3031b8c49c2bbf41b11d48d280e6f333a0b908fe
- SSDEEP: 24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHS:3Ty7A3mw4gxeOw46fUbNecCCFbNecB
Behavioral task: behavioral1
- Sample: 02f5590ee8b795b44180a81b4bbbd2f1_JaffaCakes118.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 02f5590ee8b795b44180a81b4bbbd2f1_JaffaCakes118.exe
- Resource: win10v2004-20240426-en
Malware Config

Targets
- Target: 02f5590ee8b795b44180a81b4bbbd2f1_JaffaCakes118
- Size: 2.9MB
- MD5: 02f5590ee8b795b44180a81b4bbbd2f1
- SHA1: beb95708a8fe56663e1bf3ab788b031f0b4c1613
- SHA256: 667ea3c2938067fd8020de96e7843b5aa60651d3331af0f45f60fa877a00a439
- SHA512: 4edb0c13c443863fc53ef0cee24cece6c7bc46f75dc02db241bd1068009c1e22b4b5ca806c1cdba3c771f9bd3031b8c49c2bbf41b11d48d280e6f333a0b908fe
- SSDEEP: 24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHS:3Ty7A3mw4gxeOw46fUbNecCCFbNecB
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)

Defense Evasion
- Modify Registry (4)
- Hide Artifacts (1)
- Hidden Files and Directories (1)