General
Target
09901a54ab98188f848d44ed6017a202_JaffaCakes118
Size
508KB
Sample
240624-tvlctsvcrk
MD5
09901a54ab98188f848d44ed6017a202
SHA1
1f5a6fe0c7bc77a9a7f7989cd5782fbab6600110
SHA256
e7c51f30d7e75372fc8c631a572d99c96ed3309430b7173b70e62f7a2c39b755
SHA512
41ea27fd1bbde0d8cad9047a3b213d9f1ee783d8ceaf25d8e68c44c7b7148743ab254fa8894e0cceac070fb1926d43af3e07377378ec7c8d3dffc05ce1a93d81
SSDEEP
12288:4v4tF6mQHmzo9q79LTAKm89YR/pEqQd01aRNI:4v4tF6PmZ79LkKmBR/Hmv3I
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-HL51L0059.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
RFQ-HL51L0059.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
warzonerat
194.5.97.174:1360
Targets
Target
RFQ-HL51L0059.exe
Size
597KB
MD5
8fe12be2c428274b2bcceed7724a3ff8
SHA1
ddc562079d5351b90cb75d93c4249d20f86d00e0
SHA256
5ed0a1eb2ec9b7d30cd842ef6fd6ca94befa246f096074d8a9bf0e699f11a076
SHA512
646ccc482a71aa73119f23092833d09d5fd93aa18c465bff862fb2fea4ae4893278962bb21df0f84bf49794e169329ca5e8b9ffe5df54070ec62557809e77b04
SSDEEP
12288:lPlSyAabGdmlZsEo9e79LTAcm80jcElkkJ6U9:lPl0abGdmrsq79LkcmsElvB
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext