General
-
Target
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118
-
Size
305KB
-
Sample
240418-akyevscg6t
-
MD5
f6e2893312dc8bb664c183fcc93990bb
-
SHA1
72c03600b7fcab33db83644153a9376f6aae5914
-
SHA256
369e794e05e0d7c9bba6dde5009848087a2cd5e8bf77583d391e0e51d21a52cd
-
SHA512
dbe72bd9d0851176e20091842b1505e650034ce4b1a98dfc13d09cbb92cc45a8db67418ff7db88a4a5451363c74189bf86efe227ec52b6901e1b188bae07baf0
-
SSDEEP
6144:qrPvxOIE9jeOn3jEapL6wAOGNGE81/2I/TYtCC:qbvx+9jZoDwmGRuIhC
Static task
static1
Behavioral task
behavioral1
Sample
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
warzonerat
64.188.13.46:13372
Targets
-
-
Target
f6e2893312dc8bb664c183fcc93990bb_JaffaCakes118
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-