warzonerat | 52e47dec2ccc537f6ee84e42adedc766122357ec39ec90e93141d36f6e82ab05 | Triage

Submit
Reports

Overview

overview

Static

static

3

c044e89e4d...18.exe

windows7-x64

c044e89e4d...18.exe

windows10-2004-x64

Sharing

General

Target

c044e89e4ddb784d57b4f666f5c4494b_JaffaCakes118
Size

703KB
Sample

240825-jlm5ystanb
MD5

c044e89e4ddb784d57b4f666f5c4494b
SHA1

560103007239f9f0a67294ba066c4e17d11722f3
SHA256

52e47dec2ccc537f6ee84e42adedc766122357ec39ec90e93141d36f6e82ab05
SHA512

a95047a8067020fcdbd40681cdcfe34672c21781b05693769ac66e975a887fcea33bc31c6105ca6abd86136f466925f7aa84cb50ce7b7cd098fcbbe2a95063d3
SSDEEP

12288:Dsq4z4TEt7xdY+8XKEyx/Mt9tEC1K7nUmSiU/kJiyEKJpJVDt+Zmbap7lJfkHheO:DAQijaw1qwC1UUmP5n

Score

10^/10

warzonerat discovery infostealer rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c044e89e4ddb784d57b4f666f5c4494b_JaffaCakes118.exe

Resource

win7-20240704-en

warzonerat discovery infostealer rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c044e89e4ddb784d57b4f666f5c4494b_JaffaCakes118.exe

Resource

win10v2004-20240802-en

warzonerat discovery infostealer rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

warzonerat

C2

45.61.136.88:5200

Targets

- Target
  
  c044e89e4ddb784d57b4f666f5c4494b_JaffaCakes118
- Size
  
  703KB
- MD5
  
  c044e89e4ddb784d57b4f666f5c4494b
- SHA1
  
  560103007239f9f0a67294ba066c4e17d11722f3
- SHA256
  
  52e47dec2ccc537f6ee84e42adedc766122357ec39ec90e93141d36f6e82ab05
- SHA512
  
  a95047a8067020fcdbd40681cdcfe34672c21781b05693769ac66e975a887fcea33bc31c6105ca6abd86136f466925f7aa84cb50ce7b7cd098fcbbe2a95063d3
- SSDEEP
  
  12288:Dsq4z4TEt7xdY+8XKEyx/Mt9tEC1K7nUmSiU/kJiyEKJpJVDt+Zmbap7lJfkHheO:DAQijaw1qwC1UUmP5n
Score

10^/10

warzonerat discovery infostealer rat trojan
- Detects BazaLoader malware
  BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests - JaffaCakes118.
  trojan
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

warzoneratdiscoveryinfostealerrattrojan

behavioral2

warzoneratdiscoveryinfostealerrattrojan

© 2018-2025

Terms | Privacy