General

Target: 5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118
Size: 840KB
Sample: 240519-twhnbsfd3t
MD5: 5a51e1e48cf514de495c13d1af463bc2
SHA1: d7b288ecebebe4467bef48da25db6ba4fc424a89
SHA256: ec35c0f70e43316469957b8829e748bf1541bb1eff27f931e0f6df1310993030
SHA512: d803cf5f128d3e1879b99c567ec122b663daea8acc8a693e130e006f66e5eecfbe8c4b93117a6b7d8e15eeb1ec8e916c0b68b26ef77f02b167fd62d0224867c6
SSDEEP: 12288:Y4YIo+/zfgajmG/4rzaM6SbjhlDdFbzZ4StxEF63U1wcJ5w:Y17YzgbGxSbjDd75txU6Z
Static task: static1

Behavioral task: behavioral1
Sample: 5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config

Extracted: warzonerat
savagesquad.ooguy.com:5437
Targets

Target: 5a51e1e48cf514de495c13d1af463bc2_JaffaCakes118
Score: 10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

- Warzone RAT payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext