General
-
Target
f1b4d6be53bb3a8e83cb818331d0fe88_JaffaCakes118
-
Size
592KB
-
Sample
240415-xrcs3afh8s
-
MD5
f1b4d6be53bb3a8e83cb818331d0fe88
-
SHA1
e3f58c7f0574eeaeb37f5eccea1380e3051f92db
-
SHA256
1460a17dc07d6849127eed198ac789235349dfa3b6f6430e5fa566e3511e5b64
-
SHA512
0c7d4c9facc75df91eb20c899ed5f4abb84c112279ca57de7ec6edbab068868b93b15cc2fbd426248f93b3ca376380c6e79f377e1c45538598a71cff25b31915
-
SSDEEP
12288:bUsg4Fnyr06KVuj0thFuNppvppMkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkr:4qs06jjqVn
Malware Config
Extracted
warzonerat
45.137.22.70:4198
Targets
-
-
Target
f1b4d6be53bb3a8e83cb818331d0fe88_JaffaCakes118
-
Size
592KB
-
MD5
f1b4d6be53bb3a8e83cb818331d0fe88
-
SHA1
e3f58c7f0574eeaeb37f5eccea1380e3051f92db
-
SHA256
1460a17dc07d6849127eed198ac789235349dfa3b6f6430e5fa566e3511e5b64
-
SHA512
0c7d4c9facc75df91eb20c899ed5f4abb84c112279ca57de7ec6edbab068868b93b15cc2fbd426248f93b3ca376380c6e79f377e1c45538598a71cff25b31915
-
SSDEEP
12288:bUsg4Fnyr06KVuj0thFuNppvppMkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkr:4qs06jjqVn
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-