General
Target
09d2701774bb74673e35dcfe7661231e_JaffaCakes118
Size
686KB
Sample
240728-fh9yrssdrh
MD5
09d2701774bb74673e35dcfe7661231e
SHA1
f8598752168cfc6b34fa8c7d306825e3d185b6de
SHA256
00c81ee60f577f38edc27e5c1532d4996e55a86f322e248e4e9f80f159c449b8
SHA512
9546ee991d252cf0a19508a0049d63ff187ae81a0c7a327996ecfb4879560e98e418e64acf75265621623b3b660f85ffb13490fccb475e38c5edb1daa5649977
SSDEEP
12288:i1eRRAfxCIUnyNOI/SN/HWQZUp7rpiEpIiQHkRT5:EiRO8nyNOI0u7G+INw
Static task
static1
Behavioral task
behavioral1
Sample
09d2701774bb74673e35dcfe7661231e_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
09d2701774bb74673e35dcfe7661231e_JaffaCakes118.exe
Resource
win10v2004-20240730-en
Malware Config
Extracted
warzonerat
bestsuccess.ddns.net:2442
Targets
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext