General

  • Target

    07440c18dfef495385e736de5c0d507b_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240429-kp3v9aef28

  • MD5

    07440c18dfef495385e736de5c0d507b

  • SHA1

    95ba58fdc25d612d6bacc18002808ee9e0286029

  • SHA256

    fbffce7f8e28c4bb4c61a4ddfdae3156f0e5341a87817d45e5e49e84b61bb83c

  • SHA512

    9844962a515a305c8590e4c9665fcb51b1e1c7cb10ad6cb1b5db193f1f021c4ac40757381db271edeae4dc184776364a27bb4d202d0c6b66aeda719a750a85b4

  • SSDEEP

    12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kc:OIbGD2JTu0GoZQDbGV6eH81kc

Malware Config

Targets

    • Target

      07440c18dfef495385e736de5c0d507b_JaffaCakes118

    • Size

      1.2MB

    • MD5

      07440c18dfef495385e736de5c0d507b

    • SHA1

      95ba58fdc25d612d6bacc18002808ee9e0286029

    • SHA256

      fbffce7f8e28c4bb4c61a4ddfdae3156f0e5341a87817d45e5e49e84b61bb83c

    • SHA512

      9844962a515a305c8590e4c9665fcb51b1e1c7cb10ad6cb1b5db193f1f021c4ac40757381db271edeae4dc184776364a27bb4d202d0c6b66aeda719a750a85b4

    • SSDEEP

      12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kc:OIbGD2JTu0GoZQDbGV6eH81kc

    • Modifies WinLogon for persistence

    • Modifies visiblity of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Modifies Installed Components in the registry

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks