General
Target: fed9ab5b2162b76ab5d83a9bf07342b3_JaffaCakes118
Size: 1.3MB
Sample: 240421-j73grsfc6y
MD5: fed9ab5b2162b76ab5d83a9bf07342b3
SHA1: 0dd925c9fc2ee6b95d760d184326f32b681ffd49
SHA256: f507336abc0d9c301b6b7103c6be90ea15121b937e6385091e712a4f22ddc782
SHA512: 56cff7e236ccc12df18a9b9c903e2aee4aba4838d1190551d86af68bddc38aab4de7ac8f8adca995bb7446ed49280efd9dc9270048150b59fdf78203e76478df
SSDEEP: 24576:vJjAKND1LIQgBPiXcDvWEAU07P2vIBzjoR:vJjN9IQEiXcUo
Static task: static1
Behavioral task: behavioral1
  Sample: fed9ab5b2162b76ab5d83a9bf07342b3_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fed9ab5b2162b76ab5d83a9bf07342b3_JaffaCakes118.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: warzonerat
  andronmatskiv20.sytes.net:5200
Targets
Target: fed9ab5b2162b76ab5d83a9bf07342b3_JaffaCakes118
Size: 1.3MB
MD5: fed9ab5b2162b76ab5d83a9bf07342b3
SHA1: 0dd925c9fc2ee6b95d760d184326f32b681ffd49
SHA256: f507336abc0d9c301b6b7103c6be90ea15121b937e6385091e712a4f22ddc782
SHA512: 56cff7e236ccc12df18a9b9c903e2aee4aba4838d1190551d86af68bddc38aab4de7ac8f8adca995bb7446ed49280efd9dc9270048150b59fdf78203e76478df
SSDEEP: 24576:vJjAKND1LIQgBPiXcDvWEAU07P2vIBzjoR:vJjN9IQEiXcUo
Score: 10/10
Detect ZGRat V1
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext