General

  • Target

    06f311767af562057ee346a3d688a6d0_JaffaCakes118

  • Size

    6.1MB

  • Sample

    240429-gf2p2sca37

  • MD5

    06f311767af562057ee346a3d688a6d0

  • SHA1

    8097fa34080ac2dce5301b1083ddd7ccb98bd2bd

  • SHA256

    e6fd17d8f8657fa96e9ed6fc04bf266680fd5de21c9f3fd609493433e7e71ae6

  • SHA512

    0b730a4fa13c6900fc00d68aa3d6d4feae2a576eaf5a8fa0b0966993030cdfa21bc99f3df3526f99522be68187d67a79da2808f58256c368e60be6a5368efb13

  • SSDEEP

    49152:ATU7AAmw4gxeOw46fUbNecCCFbNecuTU7AAmw4gxeOw46fUbNecCCFbNec7:ATU7d9xZw46G8q8HTU7d9xZw46G8q8K

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks