General
Target: 071f5bc88b4f95c918e23d209389f981_JaffaCakes118
Size: 1.2MB
Sample: 240429-jbgv7adg8t
MD5: 071f5bc88b4f95c918e23d209389f981
SHA1: 09898547e5ccd3fc5d223405b4bd79b6222049eb
SHA256: dd72da5a71f98fa3f189b3912e8b456370290e60e99ae4a103b5561bdb3e9abc
SHA512: e06435c3ad020247b318259d006a9b2f25679e326d63ef264167a5b3e8e822bd9ad4fcda584581c4a0d7505f17adc1df7b5ebe7a0627e6a848ef485829a2692e
SSDEEP: 12288:GIbsBDU0I6+Tu0TJ0N1oYgeOF5A7W2FeDSIGVH/KIDgDgUeHbY1tka:GIbGD2JTu0GoWQDbGV6eH8tka
Behavioral task: behavioral1
Sample: 071f5bc88b4f95c918e23d209389f981_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 071f5bc88b4f95c918e23d209389f981_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 071f5bc88b4f95c918e23d209389f981_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (2)
Winlogon Helper DLL (1)