General
Target: 461f3a72f6d77526ceaa8ffd3d523537_JaffaCakes118
Size: 271KB
Sample: 240515-pc9kgsgh68
MD5: 461f3a72f6d77526ceaa8ffd3d523537
SHA1: 9e0123dc05e8f47c648f3cb90d215451f969230b
SHA256: b38eb5940f0440fe9e3feaaf6d21abb1ac2aed235d465ed8307f151f20b75eb2
SHA512: a8548e80124e989003dd6a3cce2ed4b29e21a941252100645fe7397c4f17be90987db32027e260b336d4e29c0725c863cdbe5a3c1f544ee1bdaac224ab2841eb
SSDEEP: 6144:UkrG7ze1qAPEzhZgvUKoHIyx4xm2J+Ctje4DVWPaV:UkrOzAPYKUKoHfx6m2J9tjF0CV
Static task: static1
Behavioral task: behavioral1
Sample: 461f3a72f6d77526ceaa8ffd3d523537_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 461f3a72f6d77526ceaa8ffd3d523537_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
warzonerat
37.120.159.243:11904
Targets
Score 10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Warzone RAT payload

Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext