General
Target: f1582bba00f1411392959f07ad65e70b_JaffaCakes118
Size: 242KB
Sample: 240415-sgrr1shd72
MD5: f1582bba00f1411392959f07ad65e70b
SHA1: 8a8f877a401e35917d34f2534354e78b0fca6ede
SHA256: d59fbd296f369bbdbe5d0b1caa9befaa35a9f753621551013be572648db0c660
SHA512: 06770c873784ec66b6fd33c9729782d998cc295fee6219148f446c6e143245ba11068824a115524663b72b433bce666d34e205601c0380f70971138ab286c3fd
SSDEEP: 6144:mnbJdRgF+qoittUVRAqOgUx2OKyfKMSeFuM7ENrFFp:mFkAnibUVRAqp5OKKLqfp
Static task: static1
Behavioral task: behavioral1
Sample: f1582bba00f1411392959f07ad65e70b_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: f1582bba00f1411392959f07ad65e70b_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
warzonerat
185.157.160.215:2211
Targets
Target: f1582bba00f1411392959f07ad65e70b_JaffaCakes118
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as MaaS.
Warzone RAT payload
Suspicious use of SetThreadContext