General
-
Target
06469f1dfa36a5a89dcc89f91a29bd8e_JaffaCakes118
-
Size
1.2MB
-
Sample
240428-24s32abd93
-
MD5
06469f1dfa36a5a89dcc89f91a29bd8e
-
SHA1
ef939b6c6cfb982eca486aa9a969bfa1ee52b6f4
-
SHA256
f07703fb7ca4f0bc3c64bbd0b4d79e73530542675044a5e65c2845557564fd24
-
SHA512
a4eb29df100ef06cd4139e749df10ed98cdd782b082ed7b2722821b4fa71d2510f224cea05bde05f69edfcc489c8f7199e659c5351e7b3a65e88a92c85cd2bfc
-
SSDEEP
12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kY:OIbGD2JTu0GoZQDbGV6eH81kY
Behavioral task
behavioral1
Sample
06469f1dfa36a5a89dcc89f91a29bd8e_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
06469f1dfa36a5a89dcc89f91a29bd8e_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
06469f1dfa36a5a89dcc89f91a29bd8e_JaffaCakes118
-
Size
1.2MB
-
MD5
06469f1dfa36a5a89dcc89f91a29bd8e
-
SHA1
ef939b6c6cfb982eca486aa9a969bfa1ee52b6f4
-
SHA256
f07703fb7ca4f0bc3c64bbd0b4d79e73530542675044a5e65c2845557564fd24
-
SHA512
a4eb29df100ef06cd4139e749df10ed98cdd782b082ed7b2722821b4fa71d2510f224cea05bde05f69edfcc489c8f7199e659c5351e7b3a65e88a92c85cd2bfc
-
SSDEEP
12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kY:OIbGD2JTu0GoZQDbGV6eH81kY
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1