General

  • Target

    11cf2810dd5c7cfba32d757140abd921_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240728-k3ka3aydpq

  • MD5

    11cf2810dd5c7cfba32d757140abd921

  • SHA1

    9e5ec5e35c37c1384ba33f823494f8816a4256b9

  • SHA256

    ffde774a1d7b96f6db9ee7f0f734cd2d0c6ad97e15a1ce5094be51158ad8fecd

  • SHA512

    9459174f978163011ead4b75e8fdfe177ed90de05c0c753e52e39447f1ae0017107ca452234a808081681359256846f5b2baff3ca9b58d5b9e9142f9e050e2aa

  • SSDEEP

    12288:OIbsBDU0I6+Tu0TJ0N1oYgNOFDA7W2FeDSIGVH/KIDgDgUeHbY11k/:OIbGD2JTu0GoZQDbGV6eH81k/

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Warzone RAT payload

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Each component under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\<GUID> carries a StubPath command that runs once per user at logon, whenever the matching HKCU entry is missing or has a lower Version, so a dropped executable registered there starts for every user who logs on.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
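The registry-based behaviours listed above (Winlogon modification, Run key, Active Setup StubPath, Explorer hidden-file settings) can be checked offline against a registry export taken from the infected host. The script below is an added example, not part of the Tria.ge report and not code from the sample: it parses a small constructed .reg export (the GUID, user name and paths are made up for illustration) and flags entries that point outside trusted program directories. The Explorer Hidden/ShowSuperHidden values are reported at "info" level only, because the values the RAT writes are also the Windows defaults; the sandbox signature fires on the write, not on the resulting value.

```python
import re

# Constructed .reg export for the example; the GUID, user and paths are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\images.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"
"Updater"="\"C:\\Users\\victim\\AppData\\Roaming\\svchost.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{12345678-ABCD-4321-ABCD-000000000001}]
"StubPath"="C:\\ProgramData\\update\\images.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000
'''

# Directories an autostart entry is normally expected to point into.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_reg(text):
    """Return {key_path: {value_name: value}} for the REG_SZ and REG_DWORD
    values of a .reg export. Other value types are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and "=" in line and line[0] in '"@':
            name, _, raw = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                # .reg escapes backslash and double quote with a backslash
                keys[current][name] = re.sub(r"\\(.)", r"\1", raw[1:-1])
    return keys


def first_exe(cmd):
    """Extract the program path from a command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def is_untrusted_path(path):
    p = path.lower()
    return not any(p.startswith(d) for d in TRUSTED_DIRS)


def audit(keys):
    """Return (level, key, value_name, detail) tuples for suspicious entries."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        if k.endswith("\\winlogon"):
            # Shell and Userinit are comma-separated; anything beyond the
            # stock program is an appended persistence entry.
            for name, expected in (("Shell", "explorer.exe"),
                                   ("Userinit", "c:\\windows\\system32\\userinit.exe")):
                entries = [e.strip() for e in str(values.get(name, expected)).split(",") if e.strip()]
                extra = [e for e in entries if e.lower() != expected]
                if extra:
                    findings.append(("high", key, name, extra))
        elif "\\currentversion\\run" in k:  # Run, RunOnce, RunServices
            for name, cmd in values.items():
                exe = first_exe(str(cmd))
                if is_untrusted_path(exe):
                    findings.append(("medium", key, name, exe))
        elif "\\active setup\\installed components\\" in k and "StubPath" in values:
            exe = first_exe(values["StubPath"])
            if is_untrusted_path(exe):
                findings.append(("high", key, "StubPath", exe))
        elif k.endswith("\\explorer\\advanced"):
            hidden, superhidden = values.get("Hidden"), values.get("ShowSuperHidden")
            if hidden == 2 or superhidden == 0:  # hidden and protected OS files not shown
                findings.append(("info", key, "Hidden/ShowSuperHidden", (hidden, superhidden)))
    return findings


def audit_reg(text):
    return audit(parse_reg(text))


if __name__ == "__main__":
    for level, key, name, detail in audit_reg(SAMPLE_REG):
        print(f"[{level}] {key} :: {name} -> {detail}")
```

Run it against a real export (`reg export HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon out.reg` and the other keys, concatenated) by passing the file contents to `audit_reg`; for Active Setup, also compare the HKLM entry against HKCU\Software\Microsoft\Active Setup\Installed Components for the same GUID to see which users have already executed the StubPath.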

MITRE ATT&CK Enterprise v15