General
Target: 09102b724d08871b31d9618a5cc78932_JaffaCakes118
Size: 1.2MB
Sample: 240430-fhgl8adc91
MD5: 09102b724d08871b31d9618a5cc78932
SHA1: 4217a8ed99a6b822ba9a46b56b1c14c4b0c3719a
SHA256: 5b09f5b87758a75b32f8c9d756d8987d789e15a8a089ea27a96e69350c6e5942
SHA512: f5e2ebff372382d497162b36998189faeb135380ec126cb20bff23859eb38c1922440396a669df28293be9052fcfccdcb83fe428e4b4aad97090f91f4a32dbe7
SSDEEP: 12288:GIbsBDU0I6+Tu0TJ0N1oYgeOF5A7W2FeDSIGVH/KIDgDgUeHbY1tkn:GIbGD2JTu0GoWQDbGV6eH8tkn
Behavioral task: behavioral1
Sample: 09102b724d08871b31d9618a5cc78932_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 09102b724d08871b31d9618a5cc78932_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 09102b724d08871b31d9618a5cc78932_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)