Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c37e3d75cffedf5dfd2710d0741012b8_JaffaCakes118
-
Size
269KB
-
Sample
240404-2ghc1scf85
-
MD5
c37e3d75cffedf5dfd2710d0741012b8
-
SHA1
e0ef0f784d7be7b19d1ebe3f37bc0380061d24eb
-
SHA256
82572bb673e848ff6622ce079dd07a8434290e44499846952ddda1819d315db3
-
SHA512
c03f377264a544b2b3116b0a4036030e814b907050abd784ebe2ea9170b31c08cb0c253d077495e0b1e1266e6f02299b39d2defa7487d07af15434c9c5d90a1b
-
SSDEEP
6144:2N2WbGBVmYBOYQma9sRz6l/FS4rJIKNFYST7Cy7BU/OfMkhB:26VmYBOLhsRGtSuIKNFYRiuOESB
Static task
static1
Behavioral task
behavioral1
Sample
c37e3d75cffedf5dfd2710d0741012b8_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c37e3d75cffedf5dfd2710d0741012b8_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
warzonerat
176.126.86.243:2021
Targets
-
-
Target
c37e3d75cffedf5dfd2710d0741012b8_JaffaCakes118
-
Size
269KB
-
MD5
c37e3d75cffedf5dfd2710d0741012b8
-
SHA1
e0ef0f784d7be7b19d1ebe3f37bc0380061d24eb
-
SHA256
82572bb673e848ff6622ce079dd07a8434290e44499846952ddda1819d315db3
-
SHA512
c03f377264a544b2b3116b0a4036030e814b907050abd784ebe2ea9170b31c08cb0c253d077495e0b1e1266e6f02299b39d2defa7487d07af15434c9c5d90a1b
-
SSDEEP
6144:2N2WbGBVmYBOYQma9sRz6l/FS4rJIKNFYST7Cy7BU/OfMkhB:26VmYBOLhsRGtSuIKNFYRiuOESB
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-