General
Target: 128b26f383a1f6bb071df23e1cfb82af_JaffaCakes118
Size: 1.6MB
Sample: 240504-nnc5zscg4y
MD5: 128b26f383a1f6bb071df23e1cfb82af
SHA1: c9dab1c522d5cff0defb801acf634d948384e79e
SHA256: e4f54bbd59b269cffb0d0bf1a4ac0f37d931af813c9944991cc7dbeb9bffcd6b
SHA512: a2003412b7cd56e5d418de7564e00ff873235350d81e540f57be4f6eb47e001e1674be509f70b78dff1db288fa0fe9d7856b7f4ebc9ff7c94f6cbc4c55ea0b2b
SSDEEP: 24576:Pj2iZXSjoekb9TXahIoFRFGM/SJLMJ3GAOxW4PLSf:ejoekb9LYIWRdSuFShPLSf
Static task: static1
Behavioral task: behavioral1
Sample: 128b26f383a1f6bb071df23e1cfb82af_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 128b26f383a1f6bb071df23e1cfb82af_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
warzonerat
dultrasolutions.duckdns.org:7171
Targets
Target: 128b26f383a1f6bb071df23e1cfb82af_JaffaCakes118
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-