General

  • Target

    071ce8dc388aa48ca88c4658a3e1652a_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240429-h7z6zadd46

  • MD5

    071ce8dc388aa48ca88c4658a3e1652a

  • SHA1

    7f4e666d5ff6d76dbd82a6535e5fec201443f0d3

  • SHA256

    b15a497b4782ecab8c16087f4233628f80eb78193fc6b4cb25ae31f6e48858e0

  • SHA512

    6e32263685dfb09adeebbca1fef61e513076af161d8f915ebb50809aca8eba1d757169afebf60fc9e9478b49003cbf59f90cca915416a3babc76cc801796dd23

  • SSDEEP

    12288:GIbsBDU0I6+Tu0TJ0N1oYgeOF5A7W2FeDSIGVH/KIDgDgUeHbY1tk9:GIbGD2JTu0GoWQDbGV6eH8tk9

Targets

    • Target

      071ce8dc388aa48ca88c4658a3e1652a_JaffaCakes118

    • Modifies Winlogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      Warzone RAT (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
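The registry-based signatures above (Winlogon modification, Run key, Active Setup "Installed Components", Explorer hidden/system-file visibility) all reduce to value-set events on a handful of well-known keys. The following is an added example, not part of the sandbox report and not code from the Warzone authors: a small classifier that runs those four checks over Sysmon Event ID 13 (RegistryEvent: Value Set) style records. The events are constructed for illustration, the process and file paths in them are hypothetical, and the report does not disclose the exact values this sample wrote, so the data strings are illustrative only.

```python
"""Flag registry writes matching the persistence / anti-forensics
signatures above, over constructed Sysmon Event ID 13 style events."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Key paths (without hive) behind the signatures. Sysmon reports them as
# HIVE\key\value in TargetObject; HKCU writes show up as HKU\<SID>\...
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
ACTIVE_SETUP = r"SOFTWARE\Microsoft\Active Setup\Installed Components"
EXPLORER_ADVANCED = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

# Data Windows itself keeps in the two Winlogon values malware appends to;
# anything else in Shell/Userinit is worth a look.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe,",
                 r"c:\windows\system32\userinit.exe"},
}


@dataclass
class RegEvent:
    image: str    # writing process (Sysmon Image)
    target: str   # HIVE\key\value (Sysmon TargetObject)
    details: str  # new data (Sysmon Details; "DWORD (0x...)" for REG_DWORD)


def _split(target: str) -> Tuple[str, str, str]:
    # Collapse HKU\<SID> to HKCU so both spellings compare equal, then
    # split into hive, key path (lower-cased) and value name (lower-cased).
    t = re.sub(r"^HKU\\S-1-5-[\d-]+", "HKCU", target, flags=re.I)
    hive, _, rest = t.partition("\\")
    key, _, value = rest.rpartition("\\")
    return hive.upper(), key.lower(), value.lower()


def _dword(details: str) -> Optional[int]:
    m = re.fullmatch(r"DWORD \(0x([0-9a-fA-F]{8})\)", details.strip())
    return int(m.group(1), 16) if m else None


def classify(ev: RegEvent) -> Optional[str]:
    """Return the signature name an event matches, or None."""
    hive, key, value = _split(ev.target)
    data = ev.details.strip().lower()
    if key == WINLOGON.lower() and value in WINLOGON_DEFAULTS:
        return None if data in WINLOGON_DEFAULTS[value] else "winlogon_persistence"
    if key == RUN.lower() and hive in ("HKLM", "HKCU"):
        return "run_key_persistence"
    if key.startswith(ACTIVE_SETUP.lower() + "\\") and value == "stubpath":
        return "active_setup_persistence"
    if key == EXPLORER_ADVANCED.lower() and hive == "HKCU":
        d = _dword(ev.details)
        if value == "hidden" and d == 2:            # 2 = do not show hidden files
            return "hide_hidden_files"
        if value == "showsuperhidden" and d == 0:   # 0 = hide protected OS files
            return "hide_system_files"
    return None


def detect(events: List[RegEvent]) -> List[Tuple[str, str, str, str]]:
    """(signature, image, target, details) for every matching event."""
    return [(r, e.image, e.target, e.details)
            for e in events if (r := classify(e)) is not None]


# Constructed events; paths and names are hypothetical, not from the report.
DROPPED = r"C:\Users\victim\AppData\Roaming\svchost32.exe"
SAMPLE_EVENTS = [
    RegEvent(DROPPED, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
             "explorer.exe, " + DROPPED),
    RegEvent(DROPPED, r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows"
                      r"\CurrentVersion\Run\Update", DROPPED),
    RegEvent(DROPPED, r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
                      r"\{00000000-0000-0000-0000-000000000000}\StubPath", DROPPED),
    RegEvent(DROPPED, r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows"
                      r"\CurrentVersion\Explorer\Advanced\Hidden", "DWORD (0x00000002)"),
    RegEvent(DROPPED, r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows"
                      r"\CurrentVersion\Explorer\Advanced\ShowSuperHidden", "DWORD (0x00000000)"),
    # Benign noise: Explorer's own Folder Options change and a default Shell value.
    RegEvent(r"C:\Windows\explorer.exe", r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft"
             r"\Windows\CurrentVersion\Explorer\Advanced\Hidden", "DWORD (0x00000001)"),
    RegEvent(r"C:\Windows\servicing\TrustedInstaller.exe",
             r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", "explorer.exe"),
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(*hit, sep=" | ")
```

The Explorer checks only fire on the hiding direction (Hidden=2, ShowSuperHidden=0), since a user turning hidden files on produces the same key write; in practice the writing image is still the first thing to look at, because the Folder Options dialog writes these values from explorer.exe, not from a freshly dropped binary in a user profile. The SetThreadContext signature is a process-level indicator (typically an injection or hollowing step) and is not a registry event, so it is outside this example.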

MITRE ATT&CK Enterprise v15
