General
-
Target
b2fcf484a403c55e6a844681e4363741_JaffaCakes118
-
Size
1.1MB
-
Sample
240616-mccveatbrp
-
MD5
b2fcf484a403c55e6a844681e4363741
-
SHA1
f1755359485433fde6eaa53b32612a8c7c0cfb51
-
SHA256
5ad6cab84ddc89823beee12915852cf7d629fd637465282a59747368be1df104
-
SHA512
2ce1778d7145c1ba53a104451583124a1d529b8f1e94fc94533ed28ed40d1e169dafe5aae7f305b6b2fb8e0085e46f52e4926c4383ec25ef78f57398b5f65205
-
SSDEEP
24576:IAHnh+eWsN3skA4RV1Hom2KXMmHacmDnNeDtoFu5:Ph+ZkldoPK8Yac9om
Static task
static1
Behavioral task
behavioral1
Sample
b2fcf484a403c55e6a844681e4363741_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
b2fcf484a403c55e6a844681e4363741_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
warzonerat
dnanux12.servehttp.com:24197
Targets
-
-
Target
b2fcf484a403c55e6a844681e4363741_JaffaCakes118
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-