General
Target: 674122f4521b5303a7a4f7943c62b2b6_JaffaCakes118
Size: 152KB
Sample: 240522-pkx7esag37
MD5: 674122f4521b5303a7a4f7943c62b2b6
SHA1: 42bdf591d3b63cbc3854a5348088c878ecb83fc4
SHA256: 975c1d6172c86dc4b1f58e88480df55ded6429c82ebe2e9c805dc1c43409b27a
SHA512: 6311011ef5bbf974234ab02055c7bf16f014bda805f608dd863e4d174e7d70937486b72421896bc42145189f02c457557e06c8e54d602616c6afce35a3357c7f
SSDEEP: 3072:vp0bsWYFP8ScRTdmV3O8ZS+xUS1riVfnrK+0Hf1TIZ:aYWYFPBOFiuv+J9Ti

Behavioral task: behavioral1
Sample: FW Injector.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: FW Injector.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted
warzonerat
projex0192.rapiddns.ru:5200

Targets
Target: FW Injector.exe
Size: 262KB
MD5: 37f340e9d569089da4b981c0a4bb7dd4
SHA1: f2b6ddbb5e0c3bc531ebacd5be15a95cc906dcc6
SHA256: f6eff84cf170a15b3b8a92526b8b8dde1a916e3e22d30604d260aaeae5d4236d
SHA512: 4b3f74637941c01a1110a9b7116ada33acc43c6498015d185735a5b123062382d8ec66192c04631b88079b6b184e94d047ea230a2f40145da5c9b38e8fe3ca0d
SSDEEP: 6144:nyasL9DE0mz0hV+WcFnESvT6yZUeTv5xWxB:ny5L9vm8yZjThx
Score: 10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Warzone RAT payload

Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application