General

  • Target

    f1582bba00f1411392959f07ad65e70b_JaffaCakes118

  • Size

    242KB

  • Sample

    240415-sgrr1shd72

  • MD5

    f1582bba00f1411392959f07ad65e70b

  • SHA1

    8a8f877a401e35917d34f2534354e78b0fca6ede

  • SHA256

    d59fbd296f369bbdbe5d0b1caa9befaa35a9f753621551013be572648db0c660

  • SHA512

    06770c873784ec66b6fd33c9729782d998cc295fee6219148f446c6e143245ba11068824a115524663b72b433bce666d34e205601c0380f70971138ab286c3fd

  • SSDEEP

    6144:mnbJdRgF+qoittUVRAqOgUx2OKyfKMSeFuM7ENrFFp:mFkAnibUVRAqp5OKKLqfp

Malware Config

Extracted

Family

warzonerat

C2

185.157.160.215:2211

Targets

    • Target

      f1582bba00f1411392959f07ad65e70b_JaffaCakes118

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT payload

    • Suspicious use of SetThreadContext
