General
-
Target
117cda2662205772c16f8b1e88dddfb9_JaffaCakes118
-
Size
2.9MB
-
Sample
240504-e2ca6sga97
-
MD5
117cda2662205772c16f8b1e88dddfb9
-
SHA1
2cf2544d356ea2380bb37b77897157cc629ae562
-
SHA256
7d9343f796b3d76ae0570829eb54bba8fbcff40055edb53547c02ca34d38599a
-
SHA512
f627ccdd320d5fbf2603d58610c7a15031e4c0c4024826dd61092d0afd9632c33a4b2a8c7a93d93092e4a9bb0750b8c4d5c60f51ea6acf6380b2bbdefc6d5b61
-
SSDEEP
24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH9:3Ty7A3mw4gxeOw46fUbNecCCFbNecG
Malware Config
Targets
-
-
Target
117cda2662205772c16f8b1e88dddfb9_JaffaCakes118
-
Size
2.9MB
-
MD5
117cda2662205772c16f8b1e88dddfb9
-
SHA1
2cf2544d356ea2380bb37b77897157cc629ae562
-
SHA256
7d9343f796b3d76ae0570829eb54bba8fbcff40055edb53547c02ca34d38599a
-
SHA512
f627ccdd320d5fbf2603d58610c7a15031e4c0c4024826dd61092d0afd9632c33a4b2a8c7a93d93092e4a9bb0750b8c4d5c60f51ea6acf6380b2bbdefc6d5b61
-
SSDEEP
24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH9:3Ty7A3mw4gxeOw46fUbNecCCFbNecG
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1