Extracted

• • Target

    f4521c6aace782f33b8afdc157ebd10f_JaffaCakes118

  • Size

    329KB

  • MD5

    f4521c6aace782f33b8afdc157ebd10f

  • SHA1

    28c89031d7b796bfee391fa03c5ff654bd057fd7

  • SHA256

    a7afcc40d88bf419bc84f92a2bdd394b3aeb18f1b98e608c5cd034a885393c2e

  • SHA512

    f094dd1424c4fd0ca98a08d553a6ef7bb2fc273b1834428eade6ef690034553745cac8299f564941b69ef4cfc0914904f393a72a1b404be4aeda064c5965a9b3

  • SSDEEP

    6144:yBS0xxqrm6OEs/1A4ev9p97Yo1jrR99IGlDR57n6:yke6OtK9p98odR9b57n

  Score

  10^/10

  bazaloaderwarzoneratdiscoveryinfostealerrattrojan

  • Bazaloader family

    bazaloader

  • Detects BazaLoader malware

    BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests - JaffaCakes118.

    trojan

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat

  • Warzonerat family

    warzonerat

  • Warzone RAT payload

    rat

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2