General

  • Target

    06469f1dfa36a5a89dcc89f91a29bd8e_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240428-24s32abd93

  • MD5

    06469f1dfa36a5a89dcc89f91a29bd8e

  • SHA1

    ef939b6c6cfb982eca486aa9a969bfa1ee52b6f4

  • SHA256

    f07703fb7ca4f0bc3c64bbd0b4d79e73530542675044a5e65c2845557564fd24

  • SHA512

    a4eb29df100ef06cd4139e749df10ed98cdd782b082ed7b2722821b4fa71d2510f224cea05bde05f69edfcc489c8f7199e659c5351e7b3a65e88a92c85cd2bfc

  • SSDEEP

    12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kY:OIbGD2JTu0GoZQDbGV6eH81kY

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks