General
- Target: 0186ebe5d9283ebf5468d6e6aa43ad07_JaffaCakes118
- Size: 297KB
- Sample: 240622-lz42qsshlb
- MD5: 0186ebe5d9283ebf5468d6e6aa43ad07
- SHA1: e64ea76a4c8aed4ff374814cfc912181ab159717
- SHA256: a2f25508bf1afda77068376b2ff8418e18a089bf2dfa31df58bf3428eb8b5477
- SHA512: f7eafc05d247e6046b04b45f7e11535493b88e11048a4ded1102e27fb26ba7f1e52340353341935cd42e2675a50a4a766141c1ab28aeb7fdd64adb01fb5a0cfc
- SSDEEP: 6144:C2WaaHuwcF+pZ+HpQ5wXJuKA7M8mt6RjGtEIjggHeyvMH:C7hHVLCHbX3AsYRjGtLggHeyvMH
Static task: static1
Behavioral task: behavioral1
- Sample: 0186ebe5d9283ebf5468d6e6aa43ad07_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 0186ebe5d9283ebf5468d6e6aa43ad07_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: warzonerat
binancino.hopto.org:5200
Targets
- Target: 0186ebe5d9283ebf5468d6e6aa43ad07_JaffaCakes118
Score: 10/10
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Core1 .NET packer: Detects the packer/loader used by .NET malware.
- Warzone RAT payload
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext