General
-
Target
f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118
-
Size
329KB
-
Sample
240416-zv6xesce97
-
MD5
f4521c6aace782f33b8afdc157ebd10f
-
SHA1
28c89031d7b796bfee391fa03c5ff654bd057fd7
-
SHA256
a7afcc40d88bf419bc84f92a2bdd394b3aeb18f1b98e608c5cd034a885393c2e
-
SHA512
f094dd1424c4fd0ca98a08d553a6ef7bb2fc273b1834428eade6ef690034553745cac8299f564941b69ef4cfc0914904f393a72a1b404be4aeda064c5965a9b3
-
SSDEEP
6144:yBS0xxqrm6OEs/1A4ev9p97Yo1jrR99IGlDR57n6:yke6OtK9p98odR9b57n
Static task
static1
Behavioral task
behavioral1
Sample
f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
warzonerat
nan.ydns.eu:4002
Targets
Target
f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118
-
Score
10/10
-
Detect ZGRat V1
-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-