Extracted

• • Target

    cda0f8a6f45ac14016a97eac3a7e5a83_JaffaCakes118

  • Size

    324KB

  • MD5

    cda0f8a6f45ac14016a97eac3a7e5a83

  • SHA1

    44b79ac4bc2a38990b3be7b0536ca3a56ac169bb

  • SHA256

    4997489fb6fd63142f6caf468188e91a1e34a80a475ca4c89061bdc7f05cef89

  • SHA512

    c93c3bbe26f6a9a939b9c025a5964b3d863e2aff47675c2ce0521543e3096d0353f97afb9cc03a3585e6dd2ef74049d22b9016ec8da51bea26836fb3fb5fafd8

  • SSDEEP

    6144:2nMV24atCOXZuDCzR6/4tXULxz6Aed40EeyER8ptBxTeTj4C54e5JPX6F1/csCGU:PyDZu86AtAzad4hER87Bx7NeLPKF1kN

  Score

  10^/10

  bazaloaderwarzoneratdiscoveryinfostealerrattrojan

  • Bazaloader family

    bazaloader

  • Detects BazaLoader malware

    BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests - JaffaCakes118.

    trojan

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2