General

  • Target

    0a526781b0524b3b4b46b182d302766c_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240728-ftz8pszckl

  • MD5

    0a526781b0524b3b4b46b182d302766c

  • SHA1

    5b61e53e5a9c0166da12bb220da4acea85a5eff4

  • SHA256

    a2af2f4f0e821dae3d1f43b2a207979c217cf55553579a5a44e91551f2c2c67a

  • SHA512

    bb1531811423371548d39264700211515b18f9fbcabe7c78708aee9c8bada21e6c84834371e8484a1c3e90579c7422f813af2beb97c038f7e5c46c14ef82e3c8

  • SSDEEP

    12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11ku:OIbGD2JTu0GoZQDbGV6eH81ku

Malware Config

Targets

    • Target

      0a526781b0524b3b4b46b182d302766c_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under Active Setup (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components) on the local machine; the StubPath value of such a key is executed for each user at logon.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
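The registry-based behaviours flagged above (Winlogon Shell/Userinit modification, hiding hidden/system files in Explorer, a Run key, and an Active Setup StubPath) can all be checked from endpoint registry telemetry. The following is an added detection example, not code from the report or from the sandbox vendor: it runs four rules over constructed Sysmon Event ID 13 (RegistryEvent, value set) records, using Sysmon's real field names (EventType, Image, TargetObject, Details) and its "DWORD (0x...)" rendering of REG_DWORD values. The process image path, SID, and value names in the sample events are invented for illustration. The SetThreadContext signature is a process-level indicator and is not covered here.

```python
"""Registry persistence/evasion rules over constructed Sysmon Event ID 13 records."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Finding:
    rule: str
    technique: str  # MITRE ATT&CK technique ID
    image: str
    target: str
    details: str


# Default values for the two Winlogon entries; any other content is suspicious.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe", r"c:\windows\system32\userinit.exe,"},
}

# Value paths are matched case-insensitively so HKLM, HKCU and HKU\<SID> hives all work.
WINLOGON_RE = re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I)
EXPLORER_ADV_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)
ACTIVE_SETUP_RE = re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\[^\\]+\\StubPath$", re.I)


def _dword(details: str) -> Optional[int]:
    """Parse Sysmon's 'DWORD (0x00000002)' rendering of a REG_DWORD value."""
    m = re.match(r"DWORD \((0x[0-9a-f]+)\)", details, re.I)
    return int(m.group(1), 16) if m else None


def evaluate_event(ev: Dict[str, str]) -> Optional[Finding]:
    """Return a Finding if a single registry SetValue event matches a rule, else None."""
    if ev.get("EventType") != "SetValue":
        return None
    image, target, details = ev.get("Image", ""), ev.get("TargetObject", ""), ev.get("Details", "")

    m = WINLOGON_RE.search(target)
    if m:
        if details.strip().lower() not in WINLOGON_DEFAULTS[m.group(1).lower()]:
            return Finding("Modifies WinLogon for persistence", "T1547.004", image, target, details)
        return None

    m = EXPLORER_ADV_RE.search(target)
    if m:
        value, d = m.group(1).lower(), _dword(details)
        # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
        if (value == "hidden" and d == 2) or (value == "showsuperhidden" and d == 0):
            return Finding("Modifies visibility of hidden/system files in Explorer", "T1564.001", image, target, details)
        return None

    if RUN_KEY_RE.search(target):
        return Finding("Adds Run key to start application", "T1547.001", image, target, details)

    if ACTIVE_SETUP_RE.search(target):
        return Finding("Boot or Logon Autostart Execution: Active Setup", "T1547.014", image, target, details)

    return None


def evaluate(events: Iterable[Dict[str, str]]) -> List[Finding]:
    """Run every rule over a stream of events and collect the findings in order."""
    return [f for f in (evaluate_event(e) for e in events) if f is not None]


# Constructed sample telemetry (hypothetical image path, SID and value names).
_MAL = r"C:\Users\Admin\AppData\Roaming\svchost32.exe"
_HKU = r"HKU\S-1-5-21-1000000000-2000000000-3000000000-1001"
SAMPLE_EVENTS = [
    {"EventType": "SetValue", "Image": _MAL,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": "explorer.exe, " + _MAL},
    {"EventType": "SetValue", "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe,"},
    {"EventType": "SetValue", "Image": _MAL,
     "TargetObject": _HKU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": _HKU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue", "Image": _MAL,
     "TargetObject": _HKU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater",
     "Details": _MAL},
    {"EventType": "DeleteValue", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": _HKU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OldEntry",
     "Details": ""},
    {"EventType": "SetValue", "Image": _MAL,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-1111-2222-333344445555}\StubPath",
     "Details": _MAL},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"[{f.technique}] {f.rule}: {f.image} -> {f.target} = {f.details}")
```

The Winlogon rule compares against the stock values rather than alerting on any write, so installer activity that rewrites the defaults does not fire; the Explorer rule only alerts on the direction that hides files, since users legitimately toggle the values the other way. Run and Active Setup writes alert unconditionally and should be triaged on the writing image and the value content.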

MITRE ATT&CK Enterprise v15

Tasks