General
Target: 193509c2e2367d259d00965df93058b1_JaffaCakes118
Size: 2.9MB
Sample: 240505-zj632sge95
MD5: 193509c2e2367d259d00965df93058b1
SHA1: 06558a1e0dbaac4df31a2a90dd8fd179276edd54
SHA256: 4c001bd2888d312d2a4ffb693d7a6d918f08fc8cbe76dfafbef7b315e1b3b20e
SHA512: cd02693ff251e815e83f98c1882b4db776f047b13211ff51e85a397a6774f63f3d01fc5d7d2e738bdf2b34e90c1c9762f9db1e579e6b3cba0c252a0ff9612c23
SSDEEP: 24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHN:ATU7AAmw4gxeOw46fUbNecCCFbNecY
Behavioral task: behavioral1
Sample: 193509c2e2367d259d00965df93058b1_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 193509c2e2367d259d00965df93058b1_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 193509c2e2367d259d00965df93058b1_JaffaCakes118
Size: 2.9MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General above.)
Score: 10/10

- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
- Warzone RAT payload
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (number of matching behaviors in parentheses)

Persistence
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)

Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)

Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (4)