General
Target: 1291f5de53b39285a65d0732b53082b3_JaffaCakes118
Size: 1.2MB
Sample: 240504-ns6cbsff77
MD5: 1291f5de53b39285a65d0732b53082b3
SHA1: 5546329d1ffcfe0b8c9f33f660f7e52d74ffaf03
SHA256: 2e9855c83b822cfde4cc94806630c39e1725e221d01ae50ae337915f0b8ebda0
SHA512: 6b99a7df052cee89a03720ffe56b1c353d6ec325988400d17196c27244f1c647e98859a00d3ade5665ef022624028624746528f6917da58f8efa4a9c88be5ea3
SSDEEP: 12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kr:OIbGD2JTu0GoZQDbGV6eH81kr
Behavioral task: behavioral1
Sample: 1291f5de53b39285a65d0732b53082b3_JaffaCakes118.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 1291f5de53b39285a65d0732b53082b3_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)