General
Target
8d1a4a0e2b3826798a728707527baeba_JaffaCakes118
Size
336KB
Sample
240602-gp8jysdb7v
MD5
8d1a4a0e2b3826798a728707527baeba
SHA1
2409203f258633d47325042cc2aae439725d4d62
SHA256
b77860073b44ee02d8f4fffd3883683bb5e336e35fa0226531735e5de82e68e2
SHA512
416d5e41824df31f862013d5a99dcaeba773b37e6571fcb484c48e0f1756f17966ce51382e5f10dd453e1e46c8b8a806a78c84855237aa2a06a4f7e88128ad50
SSDEEP
6144:E+Ju2JS+1+EYJEMs2ujJtfTGGgToub7iRr//RuHuG/:E+JDJS+E9JEMs5J9T7g0uXihXtG/
Static task
static1
Behavioral task
behavioral1
Sample
8d1a4a0e2b3826798a728707527baeba_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
8d1a4a0e2b3826798a728707527baeba_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
warzonerat
185.29.9.58:1023
Targets
Target
8d1a4a0e2b3826798a728707527baeba_JaffaCakes118
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext