General
-
Target
1c00def0f21c75c24e302066f16d0cb1_JaffaCakes118
-
Size
963KB
-
Sample
240506-l82mzabg93
-
MD5
1c00def0f21c75c24e302066f16d0cb1
-
SHA1
c9145a18e83e4f333068c018c541b5aac97c2aec
-
SHA256
fa27c476f090f3f6b912858caf7529dd54d3a05da6a9f0a760056b56b7170850
-
SHA512
1ecc07454e762788129bb62fdc16469f5d8746a9b2311ca8288b58272a28dc2e3b7a12e5c9c34cd9bc1c4a9ec9a28c4e8b90be0c3af6fdbf81b215157a8e0084
-
SSDEEP
24576:VAHnh+eWsN3skA4RV1Hom2KXMmHa/VcsNH83L5:Eh+ZkldoPK8Ya/V29
Static task
static1
Behavioral task
behavioral1
Sample
1c00def0f21c75c24e302066f16d0cb1_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1c00def0f21c75c24e302066f16d0cb1_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
warzonerat
46.21.147.99:7006
Targets
Target
1c00def0f21c75c24e302066f16d0cb1_JaffaCakes118
Score 10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Suspicious use of SetThreadContext
-