General
Target: 05ed34336a57c32067b70dad6ed34053_JaffaCakes118
Size: 2.9MB
Sample: 240428-ydw58afg5t
MD5: 05ed34336a57c32067b70dad6ed34053
SHA1: 1fb2309fb291e65b7597638a55d1891cb90d26d7
SHA256: 6eece4806c8bf747902d294b848541c47b364d234e0ae5940422cfe6d43b50ae
SHA512: 9e2306065c70ae266ba96d1d2d83081ffa89e300f88a41ed786645a6cffd6031362885850461caee9069578755631901def0421fc32e21e29908c49e159f9666
SSDEEP: 24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHx:ATU7AAmw4gxeOw46fUbNecCCFbNecG
Behavioral task: behavioral1
Sample: 05ed34336a57c32067b70dad6ed34053_JaffaCakes118.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 05ed34336a57c32067b70dad6ed34053_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 05ed34336a57c32067b70dad6ed34053_JaffaCakes118 (hashes as listed under General above)
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Defense Evasion
  Modify Registry (4)
  Hide Artifacts (1)
    Hidden Files and Directories (1)