General
- Target: 0c11fe67d83f1a48d6885f099021cea6_JaffaCakes118
- Size: 2.9MB
- Sample: 240501-r3pzwabd57
- MD5: 0c11fe67d83f1a48d6885f099021cea6
- SHA1: 2899aac301635068b8b11b3f0577a39c26695494
- SHA256: db0a6cf15ef5a7196f27c2ed80c5eac8c9cfaaa609d0f1bfae108b524b320958
- SHA512: c923413d9ca7facdab95c73d662cd731ffb90523cb984e6d39f6efeee4fefc4321860d09f0ab02799d1544202b7f46c943e13a6603c894fc334f7f2953754f14
- SSDEEP: 24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHw:3Ty7A3mw4gxeOw46fUbNecCCFbNecR
Behavioral tasks
- behavioral1: Sample 0c11fe67d83f1a48d6885f099021cea6_JaffaCakes118.exe, Resource win7-20240215-en
- behavioral2: Sample 0c11fe67d83f1a48d6885f099021cea6_JaffaCakes118.exe, Resource win10v2004-20240419-en
Malware Config
Targets
- Target: 0c11fe67d83f1a48d6885f099021cea6_JaffaCakes118 (2.9MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence: Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Privilege Escalation: Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)