General
-
Target
12c606611f8eaadceccc1a8c60983148_JaffaCakes118
-
Size
2.9MB
-
Sample
240504-pvwfksha43
-
MD5
12c606611f8eaadceccc1a8c60983148
-
SHA1
26d7b0e794f5d9a1db9264a1a8289192050bf746
-
SHA256
8710b209b3782ced7921249e5dacd6831c1d28eca069dda367706aa9c6bb1b4e
-
SHA512
a4b3fbb839d6efdae1eb3dd1dd97b630f86273d83960ade7c80fd92d641840ec359dce29e03209d941214f4bf9a801c0f1acdad24c0ef4f177db6480df5990b8
-
SSDEEP
24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHs:3Ty7A3mw4gxeOw46fUbNecCCFbNecF
Malware Config
Targets
-
-
Target
12c606611f8eaadceccc1a8c60983148_JaffaCakes118
-
Size
2.9MB
-
MD5
12c606611f8eaadceccc1a8c60983148
-
SHA1
26d7b0e794f5d9a1db9264a1a8289192050bf746
-
SHA256
8710b209b3782ced7921249e5dacd6831c1d28eca069dda367706aa9c6bb1b4e
-
SHA512
a4b3fbb839d6efdae1eb3dd1dd97b630f86273d83960ade7c80fd92d641840ec359dce29e03209d941214f4bf9a801c0f1acdad24c0ef4f177db6480df5990b8
-
SSDEEP
24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHs:3Ty7A3mw4gxeOw46fUbNecCCFbNecF
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Installed Components in the registry
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4