General
-
Target
047174833d82a08e6708f763dc2e9509_JaffaCakes118
-
Size
1.8MB
-
Sample
240428-fvheaagg68
-
MD5
047174833d82a08e6708f763dc2e9509
-
SHA1
2c838c06317501037fdf9642283b54e3fa553522
-
SHA256
81e2235db13544d9c1b41dfe49aeeae18f9410b01f125522f1be5adde02b98fd
-
SHA512
54c7e6a54f66c5c581b88b4c418a598be76c3f6f5681a30314ce0d4c32dfc50098eeb8e905ccc708ff0c020dcb217a6da5c229e017d70e9c60947fe0470cd0c9
-
SSDEEP
12288:c99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgg:o1gg4CppEI6GGfWDkMQDbGV6eH8tkz
Behavioral task
behavioral1
Sample
047174833d82a08e6708f763dc2e9509_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
047174833d82a08e6708f763dc2e9509_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Targets
-
-
Target
047174833d82a08e6708f763dc2e9509_JaffaCakes118
-
Size
1.8MB
-
MD5
047174833d82a08e6708f763dc2e9509
-
SHA1
2c838c06317501037fdf9642283b54e3fa553522
-
SHA256
81e2235db13544d9c1b41dfe49aeeae18f9410b01f125522f1be5adde02b98fd
-
SHA512
54c7e6a54f66c5c581b88b4c418a598be76c3f6f5681a30314ce0d4c32dfc50098eeb8e905ccc708ff0c020dcb217a6da5c229e017d70e9c60947fe0470cd0c9
-
SSDEEP
12288:c99Vbpgx4OuE+aCpBPY0PkI686WNUfWO6yuXzT5SPlSG9dA7W2FeDSIGVH/KIDgg:o1gg4CppEI6GGfWDkMQDbGV6eH8tkz
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1