General
Target: 807f0f985e9e4f3e8f0bcd4f55edfe33_JaffaCakes118
Size: 818KB
Sample: 241030-2ywlzasgrb
MD5: 807f0f985e9e4f3e8f0bcd4f55edfe33
SHA1: cda44708c3c8efe8d980250e791ee8cde1f7afc7
SHA256: 18557447ecf0465479dbc151e8b1370550f10211373cd738e3a67e9112927bc8
SHA512: 2f44a8ee43d7df95a4252d0223246f05de2e2909b0d2315c0b91d6e5ba234f6de29fe281a1ada596eb1eccf600e9b95a69837a8296382441dc11463beb17fee2
SSDEEP: 12288:ErF379ZC7EbHCegVz9UPRdZ9fyWmqbA3:KhZDbfgVz9UPR9f9bA
Static task: static1
Behavioral task: behavioral1
Sample: 807f0f985e9e4f3e8f0bcd4f55edfe33_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 807f0f985e9e4f3e8f0bcd4f55edfe33_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
warzonerat
googleservers.org:5740
Targets
Target: 807f0f985e9e4f3e8f0bcd4f55edfe33_JaffaCakes118
Score: 10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Warzonerat family

Warzone RAT payload

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Uses the VBS compiler for execution

Suspicious use of SetThreadContext