General
-
Target
f7e8946a4954f59b836a588e29530d17_JaffaCakes118
-
Size
1.0MB
-
Sample
240418-nqyvgach8w
-
MD5
f7e8946a4954f59b836a588e29530d17
-
SHA1
388452dd34b35d51d312703106c83399fa30132c
-
SHA256
e475b9fed46639088d2fcdb7b8ab0631e4db362a3569b7d3030b8672be9df644
-
SHA512
b1a67ab8ccb44e984776632f72dcc370193178291fb457a89716b701ca9213e8d7e3a7e0a97ff63801977990e84a141d64d5717afcd4c1bebdec6cd8b1887486
-
SSDEEP
12288:7DVXSi5irusotVeJ8bdRq0vujGLjTGLSHAJ+raV35Ilb:VXB5s4cJ8vqPjmnHs+raBSb
Static task
static1
Behavioral task
behavioral1
Sample
f7e8946a4954f59b836a588e29530d17_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f7e8946a4954f59b836a588e29530d17_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
warzonerat
20.150.137.35:7400
Targets
-
-
Target
f7e8946a4954f59b836a588e29530d17_JaffaCakes118
-
Size
1.0MB
-
MD5
f7e8946a4954f59b836a588e29530d17
-
SHA1
388452dd34b35d51d312703106c83399fa30132c
-
SHA256
e475b9fed46639088d2fcdb7b8ab0631e4db362a3569b7d3030b8672be9df644
-
SHA512
b1a67ab8ccb44e984776632f72dcc370193178291fb457a89716b701ca9213e8d7e3a7e0a97ff63801977990e84a141d64d5717afcd4c1bebdec6cd8b1887486
-
SSDEEP
12288:7DVXSi5irusotVeJ8bdRq0vujGLjTGLSHAJ+raV35Ilb:VXB5s4cJ8vqPjmnHs+raBSb
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-