General
-
Target
19c2867209e2a694a08db9b5dff9ae8f_JaffaCakes118
-
Size
428KB
-
Sample
240628-ma9rcswhlr
-
MD5
19c2867209e2a694a08db9b5dff9ae8f
-
SHA1
ee8ef13182dd2dd342e71fe132e3c06b268bc4ce
-
SHA256
4526c6e5f6bfa47b490e21e06f3f212454740c1b14155e47e6e28a3354e14ff5
-
SHA512
fcf8958bd83f9538127099271c986138d4303e0735bbbaceed7907d8f11ad34b6912d30b321eb6ab5976b06b181055017ce9026b46ccadcbd3fa48649e4564d3
-
SSDEEP
12288:hlVPoo/7qARSM0OOidEYzF1hGAkWG+bR7:h/7OOt6YHEqG8x
Static task
static1
Behavioral task
behavioral1
Sample
dhl-agb-frankierung-15022021.pdf/dhl-agb-frankierung-15022021.pdf.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
dhl-agb-frankierung-15022021.pdf/dhl-agb-frankierung-15022021.pdf.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
warzonerat
194.5.97.34:1405
Targets
-
Target
dhl-agb-frankierung-15022021.pdf/dhl-agb-frankierung-15022021.pdf.exe
-
Size
1010KB
-
MD5
9f9d78a435e883b7ae0f4f8a3ceda231
-
SHA1
3019720b2862c09b6daba85ae534e5d9eaf22b33
-
SHA256
1900a5cf6e98ce97264478288b8e27ad6055b15c1a44c8be1d546d3c02934d69
-
SHA512
b9ee992def2badcae45ca2b58ac37cd885920a442597f6dc63843f713967a496bf18e5504c430fbb68cea064cc8239ff41aa63439677eb83c43288937d98fb59
-
SSDEEP
12288:69azXVAdLTyP/m1WeX8q0uSLBUvSWnNgUNtHpIRnsxxGhEm4WUWu2RKw2xy6nnjF:FUG/m8C8nOvlNO6nnjqKoe
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext