General
Target: 0921e88196061f8e07d9eae61ab7962b_JaffaCakes118
Size: 6.2MB
Sample: 240624-r4nhfa1cjq
MD5: 0921e88196061f8e07d9eae61ab7962b
SHA1: 1528bc80d54818db16eb892966d40d97b265d5e9
SHA256: 4d14df174520a446e72cc59e0fddcfc738041d79190fa7cb8b5258c04ef854e9
SHA512: 77d95ceb7358b264880de18c4493a09880f958fa39bfec11e6d010e9680e00d65bb2371dc0b8243067c0e9003520918ab73af20f3962108d541a1abb5da3cf2b
SSDEEP: 98304:25cx4ADH8uZBTUUnxEZOHeIEUoWwt5I8EoFLoHKsIJ9A5ppvJn8xCOYLm5hp:9dDHnZBfHeworoliJ9A5PJnSv
Behavioral task: behavioral1
Sample: 0921e88196061f8e07d9eae61ab7962b_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0921e88196061f8e07d9eae61ab7962b_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 0921e88196061f8e07d9eae61ab7962b_JaffaCakes118
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-