General
-
Target
ef426d4bbf705a856245b5bcbdf7e46a_JaffaCakes118
-
Size
626KB
-
Sample
240412-ggnjtaba9z
-
MD5
ef426d4bbf705a856245b5bcbdf7e46a
-
SHA1
188d276d75bd11222d78e93b15d5db5bb1fb5719
-
SHA256
b0627375f7b275b493c75d04d198affe068da50f24744b63dd5b4a9ea85e6288
-
SHA512
fe7b26c771614d9ae9e8e9b638a6817f35aa28e19a03dd4af51ea33bd1050d39ccbaaa8817080ff82016444f867e679cb7b13ffdb2f2cf04b95485a858e79c4a
-
SSDEEP
12288:f+OR56es7iS/d348cGaewJhgYTq2+8Nu0SQTVKtS+EPEV4:fr56evS/d3GGaewbgay8Ln
Static task
static1
Behavioral task
behavioral1
Sample
ef426d4bbf705a856245b5bcbdf7e46a_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ef426d4bbf705a856245b5bcbdf7e46a_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
warzonerat
202.55.132.213:7744
Targets
-
-
Target
ef426d4bbf705a856245b5bcbdf7e46a_JaffaCakes118
-
Size
626KB
-
MD5
ef426d4bbf705a856245b5bcbdf7e46a
-
SHA1
188d276d75bd11222d78e93b15d5db5bb1fb5719
-
SHA256
b0627375f7b275b493c75d04d198affe068da50f24744b63dd5b4a9ea85e6288
-
SHA512
fe7b26c771614d9ae9e8e9b638a6817f35aa28e19a03dd4af51ea33bd1050d39ccbaaa8817080ff82016444f867e679cb7b13ffdb2f2cf04b95485a858e79c4a
-
SSDEEP
12288:f+OR56es7iS/d348cGaewJhgYTq2+8Nu0SQTVKtS+EPEV4:fr56evS/d3GGaewbgay8Ln
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-