General

  • Target

    057312f67a79ab062ebb7675332842b7_JaffaCakes118

  • Size

    2.9MB

  • Sample

    240728-cejevsvekf

  • MD5

    057312f67a79ab062ebb7675332842b7

  • SHA1

    2d7cdc953d8d88a3073123eddb8f16931442cd2d

  • SHA256

    d86fb357615dbda244cb73b7f44fd12fe6a986f2b220f82f4b8699ac801f54e9

  • SHA512

    46e5ad9049f5c30375c2b666d224bf142681430458724ec8db79ff4a2df8566006c748ec388c274a137fa0753e4a6999aa317c008dce7adbc6177e8f3a1b0776

  • SSDEEP

    24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHW:3Ty7A3mw4gxeOw46fUbNecCCFbNec1

Malware Config

Targets

    • Target

      057312f67a79ab062ebb7675332842b7_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks