General
Target: 071ce8dc388aa48ca88c4658a3e1652a_JaffaCakes118
Size: 1.2MB
Sample: 240429-h7z6zadd46
MD5: 071ce8dc388aa48ca88c4658a3e1652a
SHA1: 7f4e666d5ff6d76dbd82a6535e5fec201443f0d3
SHA256: b15a497b4782ecab8c16087f4233628f80eb78193fc6b4cb25ae31f6e48858e0
SHA512: 6e32263685dfb09adeebbca1fef61e513076af161d8f915ebb50809aca8eba1d757169afebf60fc9e9478b49003cbf59f90cca915416a3babc76cc801796dd23
SSDEEP: 12288:GIbsBDU0I6+Tu0TJ0N1oYgeOF5A7W2FeDSIGVH/KIDgDgUeHbY1tk9:GIbGD2JTu0GoWQDbGV6eH8tk9
Behavioral task: behavioral1
Sample: 071ce8dc388aa48ca88c4658a3e1652a_JaffaCakes118.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 071ce8dc388aa48ca88c4658a3e1652a_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 071ce8dc388aa48ca88c4658a3e1652a_JaffaCakes118
Size: 1.2MB
MD5: 071ce8dc388aa48ca88c4658a3e1652a
SHA1: 7f4e666d5ff6d76dbd82a6535e5fec201443f0d3
SHA256: b15a497b4782ecab8c16087f4233628f80eb78193fc6b4cb25ae31f6e48858e0
SHA512: 6e32263685dfb09adeebbca1fef61e513076af161d8f915ebb50809aca8eba1d757169afebf60fc9e9478b49003cbf59f90cca915416a3babc76cc801796dd23
SSDEEP: 12288:GIbsBDU0I6+Tu0TJ0N1oYgeOF5A7W2FeDSIGVH/KIDgDgUeHbY1tk9:GIbGD2JTu0GoWQDbGV6eH8tk9

Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Warzone RAT (AveMaria): Warzone RAT is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
- Warzone RAT payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
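The signatures above are only labels; the registry locations behind them are where a responder confirms the behaviour on a host. As an added example (not the sandbox's own detection logic and not code from the sample), the following Python script parses a Windows .reg export and flags the four artefact classes the report names: Winlogon helper changes, Run keys pointing into user-writable directories, Active Setup StubPath entries, and Explorer settings that hide hidden/system files. The embedded export, its paths and the Installed Components GUID are constructed for illustration.

```python
"""Triage the registry persistence artefacts that the report's signatures describe.

Parses a Windows .reg export and flags Winlogon helper changes, Run keys that
point into user-writable paths, Active Setup StubPath entries and Explorer
settings that hide hidden/system files.  Added example, not the sandbox's own
detection logic; the sample export below is constructed and its paths and GUID
are hypothetical.
"""
import re
from typing import Dict, List, Tuple

# Constructed .reg export mimicking a host after the kind of changes the report lists.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\images.exe"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"images"="C:\\ProgramData\\images.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\ProgramData\\images.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def _parse_value(data: str) -> object:
    """Decode REG_SZ (quoted, backslash-escaped) and REG_DWORD values; leave other types raw."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return data


def parse_reg(text: str) -> Dict[str, Dict[str, object]]:
    """Return {key_path: {value_name: value}}; the default value is stored under '@'."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            keys[current][name] = _parse_value(m.group(2))
    return keys


# Stock Winlogon values; anything appended to Userinit or Shell runs at every logon.
EXPECTED_WINLOGON = {
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}
# Directories a non-admin process can write to; Run entries here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def find_persistence(keys: Dict[str, Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (technique, location, evidence) triples for each suspicious entry."""
    findings: List[Tuple[str, str, str]] = []
    for path, values in keys.items():
        low = path.lower()
        leaf = low.rsplit("\\", 1)[-1]
        if low.endswith("\\currentversion\\winlogon"):
            for name, expected in EXPECTED_WINLOGON.items():
                got = values.get(name)
                if got is not None and str(got).lower() != expected.lower():
                    findings.append(("T1547.004 Winlogon Helper", path + "\\" + name, str(got)))
        elif leaf in ("run", "runonce"):
            for name, cmd in values.items():
                if any(d in str(cmd).lower() for d in USER_WRITABLE):
                    findings.append(("T1547.001 Run key", path + "\\" + name, str(cmd)))
        elif "\\active setup\\installed components\\" in low and "StubPath" in values:
            findings.append(("Active Setup StubPath", path, str(values["StubPath"])))
        elif low.endswith("\\explorer\\advanced"):
            # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
            if values.get("Hidden") == 2 or values.get("ShowSuperHidden") == 0:
                findings.append(("Explorer hides hidden/system files", path,
                                 "Hidden=%s ShowSuperHidden=%s"
                                 % (values.get("Hidden"), values.get("ShowSuperHidden"))))
    return findings


if __name__ == "__main__":
    for technique, where, evidence in find_persistence(parse_reg(SAMPLE_REG)):
        print(f"{technique:36} {where}\n{'':36} -> {evidence}")
```

On a live host the input comes from `reg export` of the keys above; `reg export` writes UTF-16 with a BOM, so open the file with `encoding="utf-16"` before passing its contents to `parse_reg`. The Run-key check is a triage prompt rather than a verdict: legitimate software also autoruns from AppData, so each hit still needs the binary's hash and signer checked.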
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1