General

  • Target

    071f5bc88b4f95c918e23d209389f981_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240429-jbgv7adg8t

  • MD5

    071f5bc88b4f95c918e23d209389f981

  • SHA1

    09898547e5ccd3fc5d223405b4bd79b6222049eb

  • SHA256

    dd72da5a71f98fa3f189b3912e8b456370290e60e99ae4a103b5561bdb3e9abc

  • SHA512

    e06435c3ad020247b318259d006a9b2f25679e326d63ef264167a5b3e8e822bd9ad4fcda584581c4a0d7505f17adc1df7b5ebe7a0627e6a848ef485829a2692e

  • SSDEEP

    12288:GIbsBDU0I6+Tu0TJ0N1oYgeOF5A7W2FeDSIGVH/KIDgDgUeHbY1tka:GIbGD2JTu0GoWQDbGV6eH8tka

Malware Config

Targets

    • Target

      071f5bc88b4f95c918e23d209389f981_JaffaCakes118

    • Size

      1.2MB

    • MD5

      071f5bc88b4f95c918e23d209389f981

    • SHA1

      09898547e5ccd3fc5d223405b4bd79b6222049eb

    • SHA256

      dd72da5a71f98fa3f189b3912e8b456370290e60e99ae4a103b5561bdb3e9abc

    • SHA512

      e06435c3ad020247b318259d006a9b2f25679e326d63ef264167a5b3e8e822bd9ad4fcda584581c4a0d7505f17adc1df7b5ebe7a0627e6a848ef485829a2692e

    • SSDEEP

      12288:GIbsBDU0I6+Tu0TJ0N1oYgeOF5A7W2FeDSIGVH/KIDgDgUeHbY1tka:GIbGD2JTu0GoWQDbGV6eH8tka

    • Modifies WinLogon for persistence

    • Modifies visiblity of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks