General
-
Target
002388a43281fe782dec84da93d765a3_JaffaCakes118
-
Size
2.7MB
-
Sample
240425-1ltq6sfe28
-
MD5
002388a43281fe782dec84da93d765a3
-
SHA1
93c0d1a2b3a5ee02f3850e7fba9d0ef4dab892ca
-
SHA256
eb591a1b5bc92a6f395a3e8bf72d2cac924529757eefd68c49a0106f716814b5
-
SHA512
68d0c29c1ff2599efe581c66c24dd15e186a238d160a8e4d964244216a20917425d2e26753a896a638cf0f904196bc5ae8a2028d593087d23c87b7d5b4c7caaf
-
SSDEEP
24576:ssF6mZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eH81b:fF6mw4gxeOw46fUbNecCCFbNecF
Behavioral task
behavioral1
Sample
002388a43281fe782dec84da93d765a3_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
002388a43281fe782dec84da93d765a3_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
Target
002388a43281fe782dec84da93d765a3_JaffaCakes118
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-