General
-
Target
a45496a17af60b0045a96f7099bba9a0_JaffaCakes118
-
Size
1.2MB
-
Sample
241126-1v7pdsykbl
-
MD5
a45496a17af60b0045a96f7099bba9a0
-
SHA1
b85d6bc9103de6ca90d94381b7e65d00c3c27393
-
SHA256
9513de9c40cf83fec27c8307f85eb2f4e122eeaa1e0457cedbb9d06510329061
-
SHA512
5ca1148fcdc69edde9678f98312307614cb1260592a9d9ec507a23dd8aeeed4c880bc2f3f2bbdfd9095ec4c30742194839a6d83ce2eb4527888bd8691a44092b
-
SSDEEP
24576:Nwj78OnD4D2AgtKQLeTBJ6YOp0e3H4Kuo9m3xoszhnVodCodQz:CjtHYC0A7b92xXTJ
Static task
static1
Behavioral task
behavioral1
Sample
Account Statement.xll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Account Statement.xll
Resource
win10v2004-20241007-en
Malware Config
Extracted
Targets
-
-
Target
Account Statement.xll
-
Size
892KB
-
MD5
b50fea4606274bedc8d82dfdb050894e
-
SHA1
3fbc9e317c1d373fa02e0c6ec4b615f334e3104c
-
SHA256
df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16
-
SHA512
fdfbd571b5c018b0b50ae025e59069f2e5b708af53c4df5e888328c0d7d0d4d70c8e8a3f8b5be708a49ec3bfa6d6a37dd2c0e932980c849e95ba17a233c3d95a
-
SSDEEP
24576:IzbGHAzHAjX1VcLg5KzdcXDq3oKLGIua:IziHILEgzdIeYKSa
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-