General
-
Target
0de144d4c816040028ac945ff3b82e03_JaffaCakes118
-
Size
6.1MB
-
Sample
240728-hw34gsthkj
-
MD5
0de144d4c816040028ac945ff3b82e03
-
SHA1
4b729ecd18cd6545280c516f639e9e8d1594031d
-
SHA256
66f1b2e4d832f68049fe1c4c0c010dbc6e21339055fd21d41859d1af5cba6a55
-
SHA512
494050c968250efb6b416f9d6f3da516b77319ed044eeb8533b5ac23a80b89872efbd49ea3a182f6b61a8214b8c568fcedf82d8d309537321a2a84447e9bd893
-
SSDEEP
49152:ATU7AAmw4gxeOw46fUbNecCCFbNecuTU7AAmw4gxeOw46fUbNecCCFbNecB:ATU7d9xZw46G8q8HTU7d9xZw46G8q8C
Behavioral task
behavioral1
Sample
0de144d4c816040028ac945ff3b82e03_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
0de144d4c816040028ac945ff3b82e03_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Targets
-
-
Target
0de144d4c816040028ac945ff3b82e03_JaffaCakes118
-
Size
6.1MB
-
MD5
0de144d4c816040028ac945ff3b82e03
-
SHA1
4b729ecd18cd6545280c516f639e9e8d1594031d
-
SHA256
66f1b2e4d832f68049fe1c4c0c010dbc6e21339055fd21d41859d1af5cba6a55
-
SHA512
494050c968250efb6b416f9d6f3da516b77319ed044eeb8533b5ac23a80b89872efbd49ea3a182f6b61a8214b8c568fcedf82d8d309537321a2a84447e9bd893
-
SSDEEP
49152:ATU7AAmw4gxeOw46fUbNecCCFbNecuTU7AAmw4gxeOw46fUbNecCCFbNecB:ATU7d9xZw46G8q8HTU7d9xZw46G8q8C
-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
4