General
- Target: 16ab99e0ac1897405a4d16b44b29c0af_JaffaCakes118
- Size: 1.2MB
- Sample: 240505-jlxz6abe3x
- MD5: 16ab99e0ac1897405a4d16b44b29c0af
- SHA1: e0e474c2748c474810774622dee6a77e31e58f1a
- SHA256: ab0d602717ad9c3085c21ea4cb3bbf53c47c22d74112d7f69fba26efe5cedaf6
- SHA512: 7dc4494c23b3d9245a1340bd46020172fa5a62c2220e63af63fecf21e6b96503982c89fc2b9d468dce583911b6212243f0fcdfb02f1eeb9fe11f06cc3bc1ca33
- SSDEEP: 12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11kj:OIbGD2JTu0GoZQDbGV6eH81kj
Behavioral task: behavioral1
- Sample: 16ab99e0ac1897405a4d16b44b29c0af_JaffaCakes118.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 16ab99e0ac1897405a4d16b44b29c0af_JaffaCakes118.exe
- Resource: win10v2004-20240226-en
Malware Config

Targets
- Target: 16ab99e0ac1897405a4d16b44b29c0af_JaffaCakes118
- Size: 1.2MB
Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (2)
- Winlogon Helper DLL (1)