General
Target: 44b1258063e4b04a22af7714f7f76a56_JaffaCakes118
Size: 1.0MB
Sample: 240515-fzy8labb88
MD5: 44b1258063e4b04a22af7714f7f76a56
SHA1: 11e736e3361b3941764fabe12414b36eec4cbb54
SHA256: 403d0a40b480ecf6291b5ffb644c07a9e39220cc54d7ac2ee42df39776c00c1c
SHA512: edb21333d65bc442bc551c0affd1e72c18f3d36437a20f3acf1ca4a11dd274134176f591c0aa45862cab3641b041dde73cbddbadd0a89ff019faad0c17bb5be1
SSDEEP: 24576:TdHnh+eWsN3skA4RV1Hom2KXRmHaftNZjQrV90SeQcTL5:9h+ZkldoPKBYafv890JQch
Static task: static1
Behavioral task: behavioral1
Sample: 44b1258063e4b04a22af7714f7f76a56_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 44b1258063e4b04a22af7714f7f76a56_JaffaCakes118.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
warzonerat
32w4tgef4ehyr5t564rthy.from-nc.com:3150
Targets
Target
44b1258063e4b04a22af7714f7f76a56_JaffaCakes118
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT payload
Suspicious use of SetThreadContext