General
Target: 1edc7316c4d48e2879ba6c4ee0da4259_JaffaCakes118
Size: 2.7MB
Sample: 240507-az5gqade49
MD5: 1edc7316c4d48e2879ba6c4ee0da4259
SHA1: 1f855c5d9ac21d1823f6c457614ba43fc4aa290d
SHA256: 51dcb790330eb942e8573c657e2df617b40b422d50d782593ac2cbfeff9ba74f
SHA512: 58c2688f555017e0a916e015e34f4a1f0dbbe29b60c49bfd02b48f096c61fa97d35cbc3be3a1b465f431caa6b1f435b007b8a926ab102b888f23b53cb23ae1fb
SSDEEP: 24576:ssF6mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH81X:fF6mw4gxeOw46fUbNecCCFbNecN
Behavioral task: behavioral1
Sample: 1edc7316c4d48e2879ba6c4ee0da4259_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 1edc7316c4d48e2879ba6c4ee0da4259_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Targets
Target: 1edc7316c4d48e2879ba6c4ee0da4259_JaffaCakes118
Size: 2.7MB
MD5: 1edc7316c4d48e2879ba6c4ee0da4259
SHA1: 1f855c5d9ac21d1823f6c457614ba43fc4aa290d
SHA256: 51dcb790330eb942e8573c657e2df617b40b422d50d782593ac2cbfeff9ba74f
SHA512: 58c2688f555017e0a916e015e34f4a1f0dbbe29b60c49bfd02b48f096c61fa97d35cbc3be3a1b465f431caa6b1f435b007b8a926ab102b888f23b53cb23ae1fb
SSDEEP: 24576:ssF6mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH81X:fF6mw4gxeOw46fUbNecCCFbNecN
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria: Warzone RAT (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
- Warzone RAT payload
- Modifies Installed Components in the registry (Active Setup)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (commonly seen when a payload is injected into, or hollowed out of, another process)
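The signatures above describe the host artefacts this sample leaves behind: Winlogon values, Run keys, a startup file, an Active Setup entry and Explorer hidden-file settings. The following script is an added example for responders, not code from the sandbox report or from the Warzone RAT authors. It is a read-only check that compares the live registry and startup folders against what a stock Windows install looks like. The "known good" defaults (Shell=explorer.exe, Userinit=<SystemRoot>\system32\userinit.exe, SHOWALL CheckedValue=1) and the choice of Windows and Program Files as the only trusted image roots are assumptions; function names (Get-AutostartFindings, Test-TrustedCommand) are the example's own.

```powershell
# Added example, not part of the sandbox report. Read-only host check for the
# persistence and evasion artefacts the signatures name. Defaults and trusted
# roots below are assumptions for a stock Windows install; treat hits as leads.

function Test-TrustedCommand {
    param([string]$CommandLine, [string[]]$Roots)
    # Image path = first token (quoted or bare), with %VARS% expanded; accept it
    # only if it sits under one of the trusted roots.
    $image = if ($CommandLine -match '^\s*"([^"]+)"') { $Matches[1] }
             else { ($CommandLine.Trim() -split '\s+')[0] }
    $image = [Environment]::ExpandEnvironmentVariables($image)
    foreach ($root in $Roots) {
        $prefix = $root.TrimEnd('\') + '\'
        if ($image.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-AutostartFindings {
    $findings = New-Object System.Collections.Generic.List[string]
    $trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ }

    # Winlogon Helper DLL (T1547.004). Stock values: Shell=explorer.exe and
    # Userinit=<SystemRoot>\system32\userinit.exe, (trailing comma is normal).
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($wl.Shell -ne 'explorer.exe') {
        $findings.Add("HKLM Winlogon Shell changed: $($wl.Shell)")
    }
    if ($wl.Userinit -ne "$env:SystemRoot\system32\userinit.exe,") {
        $findings.Add("HKLM Winlogon Userinit changed: $($wl.Userinit)")
    }
    # A per-user Shell value is honoured too and is absent on a clean profile.
    $uwl = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    if ($uwl -and $uwl.Shell) { $findings.Add("HKCU Winlogon Shell set: $($uwl.Shell)") }

    # Registry Run Keys (T1547.001): flag commands whose image lives outside the
    # Windows and Program Files trees (AppData, Temp, ProgramData, ...).
    $autorunKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $autorunKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
            if (-not (Test-TrustedCommand -CommandLine ([string]$p.Value) -Roots $trustedRoots)) {
                $findings.Add("Autorun outside trusted paths: $key\$($p.Name) = $($p.Value)")
            }
        }
    }

    # Active Setup Installed Components: StubPath runs once per user at logon.
    Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $stub = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).StubPath
            if ($stub -and -not (Test-TrustedCommand -CommandLine $stub -Roots $trustedRoots)) {
                $findings.Add("Active Setup StubPath outside trusted paths: $($_.PSChildName) = $stub")
            }
        }

    # Startup folders (also T1547.001): anything here executes at logon.
    foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue |
            ForEach-Object { $findings.Add("Startup folder item: $($_.FullName)") }
    }

    # Hidden Files and Directories (T1564.001): the Explorer "Show hidden files"
    # option is driven by SHOWALL\CheckedValue (1 on a stock install); 0 makes the
    # option ineffective. The per-user Hidden/ShowSuperHidden state is reported too.
    $showAll = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL' -ErrorAction SilentlyContinue
    if ($showAll -and $showAll.CheckedValue -ne 1) {
        $findings.Add("Explorer SHOWALL CheckedValue tampered: $($showAll.CheckedValue)")
    }
    $adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
    if ($adv) {
        $findings.Add("Info: Explorer Hidden=$($adv.Hidden) ShowSuperHidden=$($adv.ShowSuperHidden) (2/0 = hidden and system files not shown)")
    }
    return $findings
}

$result = Get-AutostartFindings
if ($result.Count -eq 0) { 'No deviations from the assumed defaults found.' } else { $result }
```

Run it from an elevated PowerShell on the suspect host (or a forensic VM with the evidence disk mounted). HKCU reflects only the account running the script; to cover another user's Run key and Winlogon Shell, load that profile's NTUSER.DAT with reg load and repeat the HKCU checks against the mounted hive. A clean host should print only the informational Explorer line.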
MITRE ATT&CK Enterprise v15 (number in brackets is the count reported by the sandbox)

Persistence
- Boot or Logon Autostart Execution, T1547 (3)
  - Registry Run Keys / Startup Folder, T1547.001 (2)
  - Winlogon Helper DLL, T1547.004 (1)

Privilege Escalation
- Boot or Logon Autostart Execution, T1547 (3)
  - Registry Run Keys / Startup Folder, T1547.001 (2)
  - Winlogon Helper DLL, T1547.004 (1)

Defense Evasion
- Hide Artifacts, T1564 (1)
  - Hidden Files and Directories, T1564.001 (1)
- Modify Registry, T1112 (4)