General
-
Target
1768a22ad081724971c9a709488d41d3_JaffaCakes118
-
Size
377KB
-
Sample
240505-nbfeksbf24
-
MD5
1768a22ad081724971c9a709488d41d3
-
SHA1
a180bfc90402a3cd3656c2a5a2ba876987e055b4
-
SHA256
93983480e656ab227ef8c96b10fa2360ca628bc34689d05d6483a87a8b3af014
-
SHA512
ee173b87e207c655990b8a26791a6150b13177786ba1bc6d04fc467bf0fdf219f996ab5d2e9599f9de323744ebc981a79f38f162051ffed5ae141a763a0564d0
-
SSDEEP
6144:vAiuocJAT7f5t3FiyvaKS9zAUNwu+Tb6Z45AqP87KW40:Yiu5Juv1iyvaKHUf+fcgzyKf0
Static task
static1
Behavioral task
behavioral1
Sample
1768a22ad081724971c9a709488d41d3_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1768a22ad081724971c9a709488d41d3_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
warzonerat
stoic.gleeze.com:5200
Targets
-
-
Target
1768a22ad081724971c9a709488d41d3_JaffaCakes118
-
Size
377KB
-
MD5
1768a22ad081724971c9a709488d41d3
-
SHA1
a180bfc90402a3cd3656c2a5a2ba876987e055b4
-
SHA256
93983480e656ab227ef8c96b10fa2360ca628bc34689d05d6483a87a8b3af014
-
SHA512
ee173b87e207c655990b8a26791a6150b13177786ba1bc6d04fc467bf0fdf219f996ab5d2e9599f9de323744ebc981a79f38f162051ffed5ae141a763a0564d0
-
SSDEEP
6144:vAiuocJAT7f5t3FiyvaKS9zAUNwu+Tb6Z45AqP87KW40:Yiu5Juv1iyvaKHUf+fcgzyKf0
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-