General
Target: 05acd96f3b078b5457fa5d75fd9c4031_JaffaCakes118
Size: 2.7MB
Sample: 240428-vpfe3acg41
MD5: 05acd96f3b078b5457fa5d75fd9c4031
SHA1: 329634aea8ef821953547ccbae0bd28e40fd3e5e
SHA256: dedec45c96601d5e4ffbb4520bec73a729e4f291e8fa0a40b067c600667c02cb
SHA512: 0baea9f30bdf19ebf8814809b6648f4158ee8cf2a0d0e2fe8b3398d3eb884e6d6efe235660d0f4375e750789d697c9e11f7103a3a3ac4f50778d73450f103f84
SSDEEP: 24576:ssF6mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH813:fF6mw4gxeOw46fUbNecCCFbNecF
Behavioral task: behavioral1
Sample: 05acd96f3b078b5457fa5d75fd9c4031_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 05acd96f3b078b5457fa5d75fd9c4031_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 3
    Registry Run Keys / Startup Folder: 2
    Winlogon Helper DLL: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 3
    Registry Run Keys / Startup Folder: 2
    Winlogon Helper DLL: 1
Defense Evasion
  Hide Artifacts: 1
    Hidden Files and Directories: 1
  Modify Registry: 4