General

  • Target

    1012621679ec189562231fe791d0450c_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240728-j3n4kszgne

  • MD5

    1012621679ec189562231fe791d0450c

  • SHA1

    cdfe3cb24b48ee388bb4ec4233b73220f7cfe41b

  • SHA256

    8277e6246990a8fee9c25b320a495cdb6fde20949a2648ccab70b886137ef49e

  • SHA512

    7a9f631823acd323170a817cdb85f906669c99a95296f00fef1948d6c547212fd6e4c5f062d1c030f52f02b47e691964c23fb7a4e80490184ff3244ed11875ba

  • SSDEEP

    24576:OIbGD2JTu0GoZQDbGV6eH81kyUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU0:DCFbNechUUUUUUUUUUUUUUUUUUUUUUU7

Malware Config

Targets

    • Target

      1012621679ec189562231fe791d0450c_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks