General
Target: b3b4dedead0fe31afa2662531248365f_JaffaCakes118
Size: 440KB
Sample: 240616-qj3wysydrn
MD5: b3b4dedead0fe31afa2662531248365f
SHA1: bec33f6b3cc7ac799b882e94d2ad9a09a48b8927
SHA256: cd338d07638f35ba1bec4b3330885f2677235547998bc5f1f43cfb61f7c4a539
SHA512: 5828ee0805532dbf08b162ae5e1d6cc9c0f0beb2a1f9889c8ea7c007492daee41be9d5dcc1579507d44273cd7892c1faebe8356539b79fbf0d0e716bf25574d9
SSDEEP: 6144:gK1hdbseMXsBOm0gTN3419IjBxNAAvujAHyAGPQQ08QFfyLHG:gKTMXjqo19eBHak8NQem
Static task: static1
Behavioral task: behavioral1
Sample: b3b4dedead0fe31afa2662531248365f_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: b3b4dedead0fe31afa2662531248365f_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
warzonerat
glorylnter.hopto.org:5988
Targets
Target: b3b4dedead0fe31afa2662531248365f_JaffaCakes118
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
Warzone RAT payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Suspicious use of SetThreadContext