General
-
Target
083e2d9602153bb49f5b0aa4478d8649_JaffaCakes118
-
Size
345KB
-
Sample
240429-v9he6agd64
-
MD5
083e2d9602153bb49f5b0aa4478d8649
-
SHA1
0f148128eacc1dbcc92a768ab4caea17572b29c7
-
SHA256
917867fc54684f79293c924a822066f9d4153ff9dd48fee20af264c6ba747583
-
SHA512
4c47d8a9ec38ccee76d760ebdfc66d8001794da14d758b4f13832d60637c2e11ca6c9280c9431ad39d93d79855b81eb1611ea78e97af9b518134c5802bb214b9
-
SSDEEP
3072:neEcebtEZN2DdfEzbbk7VRn4OOiWXYXCSioCqpkUzAgMWCiFWeETnPKr3UK8gYfk:czb0VciWoXiTziGTnPKDRKyZaIDcU
Static task
static1
Behavioral task
behavioral1
Sample
083e2d9602153bb49f5b0aa4478d8649_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
083e2d9602153bb49f5b0aa4478d8649_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
warzonerat
warzon957.duckdns.org:4546
Targets
-
-
Target
083e2d9602153bb49f5b0aa4478d8649_JaffaCakes118
-
Size
345KB
-
MD5
083e2d9602153bb49f5b0aa4478d8649
-
SHA1
0f148128eacc1dbcc92a768ab4caea17572b29c7
-
SHA256
917867fc54684f79293c924a822066f9d4153ff9dd48fee20af264c6ba747583
-
SHA512
4c47d8a9ec38ccee76d760ebdfc66d8001794da14d758b4f13832d60637c2e11ca6c9280c9431ad39d93d79855b81eb1611ea78e97af9b518134c5802bb214b9
-
SSDEEP
3072:neEcebtEZN2DdfEzbbk7VRn4OOiWXYXCSioCqpkUzAgMWCiFWeETnPKr3UK8gYfk:czb0VciWoXiTziGTnPKDRKyZaIDcU
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-