General
Target: 01fa1960d2852155105b2bd4feb34964_JaffaCakes118
Size: 204KB
Sample: 240427-ag7t5afh2v
MD5: 01fa1960d2852155105b2bd4feb34964
SHA1: ede0497575a26c5e4e7f45003d28f55d5b4ca1b6
SHA256: 854aa291dbcbc2b25bc66fa148bb351fd85da70e76872ee696fa3e49136223cb
SHA512: 026d945203843f990a17130e4ebdeb7edfdcd3fd1bd07e76d4eef4c1aa5a446152559f0ee815cf9645df2201003cd7e2ecb4c82171c014844b1a063ae782807f
SSDEEP: 3072:Mu9B7Bkm7/lWsq1j49rPRu+m1dXWMYFvmH/y19LOWluMURYz6IL38aZQbcWs5jvy:M8BlhD0ziPbOWwDg7LsCxWsbI
Static task: static1
Behavioral task: behavioral1
Sample: 01fa1960d2852155105b2bd4feb34964_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 01fa1960d2852155105b2bd4feb34964_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
warzonerat
naval.duckdns.org:6703
Targets
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Drops startup file
Suspicious use of SetThreadContext