General

  • Target

    a45496a17af60b0045a96f7099bba9a0_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241126-1v7pdsykbl

  • MD5

    a45496a17af60b0045a96f7099bba9a0

  • SHA1

    b85d6bc9103de6ca90d94381b7e65d00c3c27393

  • SHA256

    9513de9c40cf83fec27c8307f85eb2f4e122eeaa1e0457cedbb9d06510329061

  • SHA512

    5ca1148fcdc69edde9678f98312307614cb1260592a9d9ec507a23dd8aeeed4c880bc2f3f2bbdfd9095ec4c30742194839a6d83ce2eb4527888bd8691a44092b

  • SSDEEP

    24576:Nwj78OnD4D2AgtKQLeTBJ6YOp0e3H4Kuo9m3xoszhnVodCodQz:CjtHYC0A7b92xXTJ

Malware Config

Extracted

  • Language

    xlm4.0
Source

Targets

    • Target

      Account Statement.xll

    • Size

      892KB

    • MD5

      b50fea4606274bedc8d82dfdb050894e

    • SHA1

      3fbc9e317c1d373fa02e0c6ec4b615f334e3104c

    • SHA256

      df51d17576e6b5ff7488221079a6d0beb42cebf347c7ea04f4b07f2188863a16

    • SHA512

      fdfbd571b5c018b0b50ae025e59069f2e5b708af53c4df5e888328c0d7d0d4d70c8e8a3f8b5be708a49ec3bfa6d6a37dd2c0e932980c849e95ba17a233c3d95a

    • SSDEEP

      24576:IzbGHAzHAjX1VcLg5KzdcXDq3oKLGIua:IziHILEgzdIeYKSa

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzonerat family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
