General
-
Target
16d7cfecc0d1f44bcf020b5d2c900a64_JaffaCakes118
-
Size
127KB
-
Sample
240505-kgkdyacd5x
-
MD5
16d7cfecc0d1f44bcf020b5d2c900a64
-
SHA1
8170d4759a48ae196102b921dc7b89b3bda27886
-
SHA256
d9577922518c5fd98ec3518daa760289edf5e1151a7aea86e528606dde7563fb
-
SHA512
a8d69562b780389afe4fa02b16f12577c4654657863fabbdddec721d48194690270f1ea74fe1fa1981577cfa84c77585d765213c3318ecab40018ca7d62fa281
-
SSDEEP
3072:SCbz/KdJp8JZHIpKx+KDMbrfpaIeiX4d2Vzv9z/ri:SC+fFpWMXUCRVD9/
Behavioral task
behavioral1
Sample
16d7cfecc0d1f44bcf020b5d2c900a64_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
16d7cfecc0d1f44bcf020b5d2c900a64_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
warzonerat
asdfwrkhl.warzonedns.com:5200
Targets
-
-
Target
16d7cfecc0d1f44bcf020b5d2c900a64_JaffaCakes118
-
Size
127KB
-
MD5
16d7cfecc0d1f44bcf020b5d2c900a64
-
SHA1
8170d4759a48ae196102b921dc7b89b3bda27886
-
SHA256
d9577922518c5fd98ec3518daa760289edf5e1151a7aea86e528606dde7563fb
-
SHA512
a8d69562b780389afe4fa02b16f12577c4654657863fabbdddec721d48194690270f1ea74fe1fa1981577cfa84c77585d765213c3318ecab40018ca7d62fa281
-
SSDEEP
3072:SCbz/KdJp8JZHIpKx+KDMbrfpaIeiX4d2Vzv9z/ri:SC+fFpWMXUCRVD9/
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-