General
Target
0f0f044cbeb9af25e2d60937011486ec_JaffaCakes118
Size
298KB
Sample
240502-2qqezsae79
MD5
0f0f044cbeb9af25e2d60937011486ec
SHA1
1547bfb233f29693a427930cc5132c946e4a1e7e
SHA256
469298a33eeb63a4b26b1eb8a89a4cc504ac08f0155b7b496d4062af80bdcd96
SHA512
c82157804e418e8833ab8367f1fa6e604ca85162a5c57c5203add77146f644c22452c499d08459c8fd5e9ccbe2e51517c83140c7c74837f4086178db1e7cea61
SSDEEP
6144:AtSDCN8zSV4SJe1Ymg5uh8oWQxR5yMyETnU5xQd65U65dAQxsLzDxJDS8QOYrtO:Atsw8E4SwmmmuqTQxmDETnU5I659TkLD
Static task
static1
Behavioral task
behavioral1
Sample
DHL DOCUMENTS No_SINI0068206497_PDF.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
DHL DOCUMENTS No_SINI0068206497_PDF.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
warzonerat
185.140.53.91:1866
Targets
Target
DHL DOCUMENTS No_SINI0068206497_PDF.exe
Size
806KB
MD5
212f8cc8065d07df0055acab1dfb9d97
SHA1
49b740014d0dc2aabe52e96eb9c502037df2bd80
SHA256
7ab85ac83d63559d24659167d6ce9581f48304844b8ad799dad47a31311e2c9b
SHA512
2366a19e289649adff79c7d1180e78055ca649478393cab665638429d98681d554a0898c3ad1547e259b4607d9076a715f8d06b19ec361725acc849f64eed09a
SSDEEP
12288:I2TpWuXJM6iiguuUyREh6ZCjdJ2oQZ1DakzZwP5BTNdAL0++:IopW+JMjNZCjXzQZ1DakF8pNuL
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application