General

  • Target

    01fa1960d2852155105b2bd4feb34964_JaffaCakes118

  • Size

    204KB

  • Sample

    240427-ag7t5afh2v

  • MD5

    01fa1960d2852155105b2bd4feb34964

  • SHA1

    ede0497575a26c5e4e7f45003d28f55d5b4ca1b6

  • SHA256

    854aa291dbcbc2b25bc66fa148bb351fd85da70e76872ee696fa3e49136223cb

  • SHA512

    026d945203843f990a17130e4ebdeb7edfdcd3fd1bd07e76d4eef4c1aa5a446152559f0ee815cf9645df2201003cd7e2ecb4c82171c014844b1a063ae782807f

  • SSDEEP

    3072:Mu9B7Bkm7/lWsq1j49rPRu+m1dXWMYFvmH/y19LOWluMURYz6IL38aZQbcWs5jvy:M8BlhD0ziPbOWwDg7LsCxWsbI

Malware Config

Extracted

Family

warzonerat

C2

naval.duckdns.org:6703
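The hashes and the C2 endpoint above are the actionable indicators on this page. The script below, an added example written for this report and not Hatching/Triage tooling, matches those indicators against constructed DNS-query and connection log lines (the log formats, host names and IP addresses are assumptions for illustration; the IOC values are the ones the report lists). It treats a DNS lookup of the exact C2 name as a medium-confidence hit, an outbound connection on port 6703 alone as low confidence (the port is not unique to WarzoneRAT), and the two together as high confidence. It also shows how to compare a suspect file's digests against the report's hashes.

```python
"""Match the indicators from this Triage report against sample log lines.

Added example for this page (not Hatching/Triage code). Log lines, host
names and IPs are constructed; the IOC values come from the report itself.
"""
import hashlib
import re

# Indicators taken from the report above.
IOC_C2_HOST = "naval.duckdns.org"
IOC_C2_PORT = 6703
IOC_HASHES = {
    "md5": "01fa1960d2852155105b2bd4feb34964",
    "sha1": "ede0497575a26c5e4e7f45003d28f55d5b4ca1b6",
    "sha256": "854aa291dbcbc2b25bc66fa148bb351fd85da70e76872ee696fa3e49136223cb",
}

# Constructed sample logs (assumed key=value format; adapt the regexes below
# to your own DNS and flow log formats).
SAMPLE_DNS_LOG = """\
2024-04-27T08:12:01Z host=WS-042 query=naval.duckdns.org type=A
2024-04-27T08:12:03Z host=WS-042 query=update.microsoft.com type=A
2024-04-27T08:13:10Z host=WS-017 query=NAVAL.DUCKDNS.ORG. type=A
2024-04-27T08:14:00Z host=WS-099 query=notnaval.duckdns.org type=A
"""

SAMPLE_FLOW_LOG = """\
2024-04-27T08:12:02Z host=WS-042 src=10.0.5.42 dst=203.0.113.10 dport=6703 proto=tcp
2024-04-27T08:12:05Z host=WS-042 src=10.0.5.42 dst=203.0.113.10 dport=443 proto=tcp
2024-04-27T08:13:11Z host=WS-123 src=10.0.5.123 dst=198.51.100.7 dport=6703 proto=tcp
"""

_DNS_RE = re.compile(r"host=(?P<host>\S+)\s+query=(?P<query>\S+)")
_FLOW_RE = re.compile(r"host=(?P<host>\S+)\s+src=\S+\s+dst=\S+\s+dport=(?P<dport>\d+)")


def dns_hits(log_text: str) -> set[str]:
    """Hosts that queried exactly the C2 name.

    Comparison is case-insensitive and tolerates a trailing dot; a substring
    match such as notnaval.duckdns.org is deliberately NOT a hit.
    """
    hits = set()
    for line in log_text.splitlines():
        m = _DNS_RE.search(line)
        if m and m.group("query").rstrip(".").lower() == IOC_C2_HOST:
            hits.add(m.group("host"))
    return hits


def flow_hits(log_text: str) -> set[str]:
    """Hosts with an outbound connection to the C2 port.

    On its own this is weak evidence (6703 is not reserved for WarzoneRAT),
    so triage() only uses it to corroborate or downgrade a finding.
    """
    hits = set()
    for line in log_text.splitlines():
        m = _FLOW_RE.search(line)
        if m and int(m.group("dport")) == IOC_C2_PORT:
            hits.add(m.group("host"))
    return hits


def triage(dns_log: str, flow_log: str) -> dict[str, str]:
    """Return {host: confidence}: high = DNS + port, medium = DNS only, low = port only."""
    dns, flow = dns_hits(dns_log), flow_hits(flow_log)
    result = {}
    for host in dns | flow:
        if host in dns and host in flow:
            result[host] = "high"
        elif host in dns:
            result[host] = "medium"
        else:
            result[host] = "low"
    return result


def hash_matches(data: bytes) -> dict[str, bool]:
    """Compare a file's digests with the report's hashes, per algorithm."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in IOC_HASHES.items()
    }


if __name__ == "__main__":
    for host, confidence in sorted(triage(SAMPLE_DNS_LOG, SAMPLE_FLOW_LOG).items()):
        print(f"{host}: {confidence}")
    # A real check would read the suspect file; this input is constructed.
    print(hash_matches(b"not the sample"))
```

With the constructed logs, WS-042 is reported as high (it resolved the C2 name and connected on 6703), WS-017 as medium (lookup only) and WS-123 as low (port only); WS-099 is not reported because its query only contains the C2 name as a substring. For a real hunt, the exact-name comparison matters because DuckDNS hosts many unrelated subdomains, and a port-only match should never be escalated without a second indicator.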

Targets

    • Target

      01fa1960d2852155105b2bd4feb34964_JaffaCakes118

    • WarzoneRat, AveMaria

      WarzoneRat (also tracked as AveMaria) is a native Windows RAT written in C++, sold as malware-as-a-service (MaaS) with multiple plugins.

    • Warzone RAT payload

    • Drops startup file (persistence via a file written to the Startup folder)

    • Suspicious use of SetThreadContext (an API commonly used for process hollowing / code injection)

MITRE ATT&CK Matrix

Tasks