General
- Target: 075092dff7aa66f5df0aa32e889d2abf_JaffaCakes118
- Size: 2.7MB
- Sample: 240728-dzgx7svhnn
- MD5: 075092dff7aa66f5df0aa32e889d2abf
- SHA1: 015ee6dc2eba4a19ee3a1ad070b5d683f6fd048c
- SHA256: c35b352ff2772fe47def91aa3d28d803bd2ecbc64ce7029420ca28fccb62f14b
- SHA512: 015977e7594575a77cc88b206787c2e5ff35e10c1a431f3b334a8938880515d57f40cc7afdbe9899e7769bb2acb0cfa7d3022103b24e16cbee142a603bbb8e22
- SSDEEP: 24576:ssF6mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH810:fF6mw4gxeOw46fUbNecCCFbNecm
Behavioral task: behavioral1
- Sample: 075092dff7aa66f5df0aa32e889d2abf_JaffaCakes118.exe
- Resource: win7-20240729-en

Behavioral task: behavioral2
- Sample: 075092dff7aa66f5df0aa32e889d2abf_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
Malware Config

Targets
- Target: 075092dff7aa66f5df0aa32e889d2abf_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
- Warzone RAT payload
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (4)