General
-
Target
ff3d380d75da0970ca814403921a512d_JaffaCakes118
-
Size
336KB
-
Sample
240421-pa8v6sah77
-
MD5
ff3d380d75da0970ca814403921a512d
-
SHA1
bd06d7efc8946846addb9593893ac91a668d1e75
-
SHA256
1c2437ae6ffc0eee1e868edc26540d7b1fc8992209ec776644fc8c83c83b0032
-
SHA512
0e9fcbd1f3753a11a5745e467d630fd36077879df982d8cf98e06e08718e4d369c452c7ad8819dbdf93ad6685e2fa99ec9b059cff0c5feaf69236ad80b280f3c
-
SSDEEP
6144:iFOwiyeVH0dxiroXWm/XFWdLUiIr5QhXY+lG9ijjz8QTOV0y4AS7E:yiyexQtVwYXyYOGe/811zn
Static task
static1
Behavioral task
behavioral1
Sample
ff3d380d75da0970ca814403921a512d_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
ff3d380d75da0970ca814403921a512d_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
warzonerat
hjjhjkk.ydns.eu:7009
Targets
-
-
Target
ff3d380d75da0970ca814403921a512d_JaffaCakes118
-
Size
336KB
-
MD5
ff3d380d75da0970ca814403921a512d
-
SHA1
bd06d7efc8946846addb9593893ac91a668d1e75
-
SHA256
1c2437ae6ffc0eee1e868edc26540d7b1fc8992209ec776644fc8c83c83b0032
-
SHA512
0e9fcbd1f3753a11a5745e467d630fd36077879df982d8cf98e06e08718e4d369c452c7ad8819dbdf93ad6685e2fa99ec9b059cff0c5feaf69236ad80b280f3c
-
SSDEEP
6144:iFOwiyeVH0dxiroXWm/XFWdLUiIr5QhXY+lG9ijjz8QTOV0y4AS7E:yiyexQtVwYXyYOGe/811zn
Score10/10-
Detect ZGRat V1
-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-