General
-
Target
0ede8ab43d2846b1bf4eb94aee9480f9_JaffaCakes118
-
Size
2.9MB
-
Sample
240728-jfa87svgrp
-
MD5
0ede8ab43d2846b1bf4eb94aee9480f9
-
SHA1
861148bd09b567fe772595fababa11a21760a771
-
SHA256
14261c0f40fb9940247254a114bb4b69f91ea2d5251492d5d5c1c8f95b673ec2
-
SHA512
3ca5632d408db25c4efa8d8a462c7293d0fc3ca065e83dfa5534e3c15cbda996b2ad677b0ca852f5c01ea1cab3a933ae2dc3b2ee49a116d4a7f7462b2885fa81
-
SSDEEP
24576:3Ty7A3mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHA:3Ty7A3mw4gxeOw46fUbNecCCFbNecH
Behavioral task
behavioral1
Sample
0ede8ab43d2846b1bf4eb94aee9480f9_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
0ede8ab43d2846b1bf4eb94aee9480f9_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Targets
-
-
Target
0ede8ab43d2846b1bf4eb94aee9480f9_JaffaCakes118
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
WarzoneRat, AveMaria
WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
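The signatures above all come down to a handful of registry writes: an Active Setup StubPath, a Run-key value, a changed Winlogon Shell/Userinit value, and Explorer's Hidden/ShowSuperHidden settings flipped so the dropped files stay out of sight. The following audit, added here as an example and not part of the sandbox report, walks a registry snapshot and flags those exact locations; the snapshot, the GUID, and the dropped-file path in it are constructed for illustration, and the Winlogon defaults assume a stock Windows install.

```python
"""Audit a registry snapshot for the persistence and Explorer-visibility
changes listed in this report. Added example; SAMPLE_SNAPSHOT is constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegValue:
    key: str      # full key path, backslash separated, hive abbreviated
    name: str     # value name
    data: object  # str for REG_SZ/REG_EXPAND_SZ, int for REG_DWORD


@dataclass(frozen=True)
class Finding:
    technique: str   # ATT&CK sub-technique ID
    detail: str
    severity: str    # "high", "medium" or "info"
    value: RegValue


WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumption: defaults of an unmodified Windows install.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
EXPLORER_ADVANCED = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
ACTIVE_SETUP_RE = re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# Locations an unprivileged process can write to; a launch path there is the red flag.
USER_WRITABLE_RE = re.compile(
    r"\\(Users|ProgramData|Temp)\\|%(APPDATA|LOCALAPPDATA|TEMP|PUBLIC)%", re.I)


def _user_writable(command):
    return isinstance(command, str) and bool(USER_WRITABLE_RE.search(command))


def audit(snapshot):
    """Return one Finding per registry value matching a technique in the report."""
    findings = []
    for v in snapshot:
        if ACTIVE_SETUP_RE.search(v.key) and v.name.lower() == "stubpath":
            # T1547.014: StubPath runs once per user at next logon
            sev = "high" if _user_writable(v.data) else "medium"
            findings.append(Finding("T1547.014", "Active Setup StubPath", sev, v))
        elif RUN_KEY_RE.search(v.key) and isinstance(v.data, str):
            # T1547.001: every Run value starts something; path decides severity
            sev = "high" if _user_writable(v.data) else "info"
            findings.append(Finding("T1547.001", "Run key entry", sev, v))
        elif v.key.lower() == WINLOGON_KEY.lower() and v.name in WINLOGON_DEFAULTS:
            # T1547.004: any deviation from the stock Shell/Userinit is hostile
            if str(v.data).strip().lower() != WINLOGON_DEFAULTS[v.name].lower():
                findings.append(Finding("T1547.004", f"Winlogon {v.name} changed", "high", v))
        elif v.key.lower() == EXPLORER_ADVANCED.lower():
            # T1564.001: Hidden=2 hides hidden files, ShowSuperHidden=0 hides OS files
            if v.name == "Hidden" and v.data == 2:
                findings.append(Finding("T1564.001", "Explorer hides hidden files", "medium", v))
            elif v.name == "ShowSuperHidden" and v.data == 0:
                findings.append(Finding("T1564.001", "Explorer hides protected OS files", "medium", v))
    return findings


# Constructed snapshot: GUID and dropped-file path are placeholders, not from the sample.
SAMPLE_SNAPSHOT = [
    RegValue(r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
             r"\{00000000-0000-0000-0000-000000000000}",
             "StubPath", r"C:\Users\Public\svchost32.exe"),
    RegValue(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
             r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"),
    RegValue(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
             r"C:\Users\Public\svchost32.exe"),
    RegValue(WINLOGON_KEY, "Shell", r"explorer.exe, C:\Users\Public\svchost32.exe"),
    RegValue(WINLOGON_KEY, "Userinit", r"C:\Windows\system32\userinit.exe,"),
    RegValue(EXPLORER_ADVANCED, "Hidden", 2),
    RegValue(EXPLORER_ADVANCED, "ShowSuperHidden", 0),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_SNAPSHOT):
        print(f"[{f.severity:6}] {f.technique} {f.detail}: {f.value.name} = {f.value.data!r}")
```

Run against a real host, the snapshot would come from `reg export` output or a parsed hive; the check deliberately scores a Run entry by where its target lives rather than by name, since the sample's Run value name is chosen by the operator while a launch path under `\Users\` or `%APPDATA%` is what separates it from a vendor autostart.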
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (4)