General
-
Target
f147b8cfe733af00210eda406d7a2134_JaffaCakes118
-
Size
999KB
-
Sample
240415-rvd8eaag9w
-
MD5
f147b8cfe733af00210eda406d7a2134
-
SHA1
b57db223058117797e98312161faea36e619164c
-
SHA256
048c93c638aeb9d63fd2c934d4333b125e75273324b7bd0d6ae35e23ac86c534
-
SHA512
f33c4799e4589fb2d15a577c5259daf4e66bfc1bf95c455fbce0f92236ae53ea32b448cc2c54edba0b760012cec486ef3932ff19b4cb544cd5826764af28da54
-
SSDEEP
24576:i3o8S1/d3U3K64JUTLGNeRUNg4PTkib7:Co8rK64JofxLib
Static task
static1
Behavioral task
behavioral1
Sample
f147b8cfe733af00210eda406d7a2134_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f147b8cfe733af00210eda406d7a2134_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
warzonerat
ankarab.ddns.net:6363
Targets
-
-
Target
f147b8cfe733af00210eda406d7a2134_JaffaCakes118
-
Size
999KB
-
MD5
f147b8cfe733af00210eda406d7a2134
-
SHA1
b57db223058117797e98312161faea36e619164c
-
SHA256
048c93c638aeb9d63fd2c934d4333b125e75273324b7bd0d6ae35e23ac86c534
-
SHA512
f33c4799e4589fb2d15a577c5259daf4e66bfc1bf95c455fbce0f92236ae53ea32b448cc2c54edba0b760012cec486ef3932ff19b4cb544cd5826764af28da54
-
SSDEEP
24576:i3o8S1/d3U3K64JUTLGNeRUNg4PTkib7:Co8rK64JofxLib
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-