General
Target: 07440c18dfef495385e736de5c0d507b_JaffaCakes118
Size: 1.2MB
Sample: 240429-kp3v9aef28
MD5: 07440c18dfef495385e736de5c0d507b
SHA1: 95ba58fdc25d612d6bacc18002808ee9e0286029
SHA256: fbffce7f8e28c4bb4c61a4ddfdae3156f0e5341a87817d45e5e49e84b61bb83c
SHA512: 9844962a515a305c8590e4c9665fcb51b1e1c7cb10ad6cb1b5db193f1f021c4ac40757381db271edeae4dc184776364a27bb4d202d0c6b66aeda719a750a85b4
SSDEEP: 12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kc:OIbGD2JTu0GoZQDbGV6eH81kc
Behavioral task behavioral1
Sample: 07440c18dfef495385e736de5c0d507b_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: 07440c18dfef495385e736de5c0d507b_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 07440c18dfef495385e736de5c0d507b_JaffaCakes118
Size: 1.2MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
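The three registry persistence signatures above (Winlogon, Run key, Installed Components) and the Explorer hidden-file change can be checked offline on a suspect host from a `reg export` text dump. The following Python script is an added example and is not part of the sandbox report or of the Warzone sample; it goes slightly beyond the report by also covering RunOnce and Active Setup StubPath entries. The embedded .reg dump, its paths and its GUID are constructed, and the stock Winlogon values and "trusted" directory roots are assumptions about a default Windows install.

```python
"""Offline triage of the persistence locations flagged for this sample:
Winlogon (Shell/Userinit), Run/RunOnce keys, Active Setup "Installed Components"
and the Explorer hidden-file settings, read from a `reg export` text dump.
Added example; all sample data below is constructed, not taken from the report."""
import re

# Constructed `reg export` output (hypothetical paths and GUID), not real sample data.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\Public\\images.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{12345678-ABCD-4EF0-9876-0123456789AB}]
"StubPath"="C:\\ProgramData\\svc\\images.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
'''

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumed stock values on a default Windows install.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.I)
ACTIVE_SETUP_RE = re.compile(r"\\Active Setup\\Installed Components\\", re.I)
EXPLORER_ADV_RE = re.compile(r"\\Explorer\\Advanced$", re.I)
# Heuristic (assumption): autostart binaries outside these roots deserve a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def parse_reg(text):
    """Parse .reg export text into {key: {value_name: value}}.
    Handles REG_SZ ("..."), REG_DWORD (dword:...) and the default value (@);
    other types (hex(...)) are kept as their raw text."""
    hive, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            hive[current] = {}
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            value = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
        elif data.startswith("dword:"):
            value = int(data[6:], 16)
        else:
            value = data
        hive[current][name] = value
    return hive


def first_exe(command):
    """Return the executable path at the start of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def untrusted(path):
    return not path.lower().startswith(TRUSTED_ROOTS)


def triage(hive):
    """Return (category, detail) findings for the persistence locations above."""
    findings = []
    for key, values in hive.items():
        if key.lower() == WINLOGON_KEY.lower():
            for name, default in WINLOGON_DEFAULTS.items():
                found = values.get(name)
                if isinstance(found, str) and found.lower().rstrip(",") != default.lower().rstrip(","):
                    findings.append(("winlogon", f"{name}={found!r} (expected {default!r})"))
        elif RUN_KEY_RE.search(key) or ACTIVE_SETUP_RE.search(key):
            for name, cmd in values.items():
                if ACTIVE_SETUP_RE.search(key) and name != "StubPath":
                    continue  # only StubPath is executed by Active Setup
                if isinstance(cmd, str) and untrusted(first_exe(cmd)):
                    findings.append(("autostart", f"{key}\\{name} -> {cmd}"))
        elif EXPLORER_ADV_RE.search(key):
            hidden, superhidden = values.get("Hidden"), values.get("ShowSuperHidden")
            if hidden == 2 or superhidden == 0:
                findings.append(("explorer", f"hidden/system files suppressed: Hidden={hidden} ShowSuperHidden={superhidden}"))
    return findings


def triage_reg_export(text):
    return triage(parse_reg(text))


if __name__ == "__main__":
    for category, detail in triage_reg_export(SAMPLE_REG):
        print(f"[{category}] {detail}")
```

Feed it the output of `reg export` for the keys above. The Winlogon and autostart findings are the ones worth acting on; Hidden=2 and ShowSuperHidden=0 are also the defaults on a fresh install, so that line is context only. The sandbox signature fires on the registry write itself, which a static export cannot show, so confirm it from Sysmon event ID 13 or a registry timeline if you need proof of modification.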
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 3
    Registry Run Keys / Startup Folder (T1547.001): 2
    Winlogon Helper DLL (T1547.004): 1