Behavioral task
behavioral1
Sample
12aa3815f5b82fca23bb2ca585aa89c8_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
12aa3815f5b82fca23bb2ca585aa89c8_JaffaCakes118.exe
Resource
win10v2004-20240419-en
General
-
Target
12aa3815f5b82fca23bb2ca585aa89c8_JaffaCakes118
-
Size
2.9MB
-
MD5
12aa3815f5b82fca23bb2ca585aa89c8
-
SHA1
196f0e970a1a4cd4928392c3d385e5bbe2209ff5
-
SHA256
87c3eaa7ca4ec2024e65cda84b808375c1f4d98cbdb60509edb9113700444eca
-
SHA512
8d383cfa7145f314971c4421d91e8b4933504ccfd27c4e9f3619628de37539339123a454ef8b29c6aa4ca8c62c5038176dbcdcbee0160ea0e852deadb95292e7
-
SSDEEP
24576:ATU7AAmZZcVKfIxTiEVc847flVC6faaQDbGV6eH81k6IbGD2JTu0GoZQDbGV6eHu:ATU7AAmw4gxeOw46fUbNecCCFbNecv
Malware Config
Signatures
-
Warzone RAT payload 1 IoCs
Processes:
resource yara_rule sample warzonerat -
Warzonerat family
-
Processes:
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 12aa3815f5b82fca23bb2ca585aa89c8_JaffaCakes118
Files
-
12aa3815f5b82fca23bb2ca585aa89c8_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: 188KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 79KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE