General
Target: 1afbf93739476cf388297983f1c4f32a_JaffaCakes118
Size: 1.7MB
Sample: 240701-mrb7eswhqe
MD5: 1afbf93739476cf388297983f1c4f32a
SHA1: 133f3ad67f07793e2a8dda6fc200b59e20b9cddf
SHA256: 730419e98bfe7df620914152b813c784f9c3645794aa19e6160dd258f8422025
SHA512: 45a75fe2f1e912c897ee779bd4c327799ec5311d15654e78110bc6b5fb9622d69bcb9ead98e2a444a3160d7a7a0e8e7696156cb099ecaa6f2abddd2df1db0441
SSDEEP: 6144:txd05BAl92z8P2GhNRavMIuLAhwQI9To0TM4pONBMbvoyA4KhD3Njzx6D:tx+c5P2iNS9ZPysBMcz3Nj
Static task
static1

Behavioral task
behavioral1
Sample: DOC7790.exe
Resource: win7-20231129-en

Behavioral task
behavioral2
Sample: DOC7790.exe
Resource: win10v2004-20240611-en

Malware Config
Extracted: warzonerat
212.192.241.54:5200
Targets
Target: DOC7790.exe
Size: 1.1MB
MD5: 650343549a8f3d22f8dd073c806daca8
SHA1: a51f94d650b75451ac9fd58599c9b5839f415218
SHA256: a8a5bfc62922bd09677deb20fe7d4c18a9098bdbc29322c7629d368d9f261a6d
SHA512: ab28a2e7b561c30e0d5f1c8f1d2917faa0938a640ec63b8475312fc7e624e857fd66b0e2d9d949ae4e9f3e492b8572b6a2dbf20efcd5b06248eb2b242c460110
SSDEEP: 6144:exd05BAl92z8P2GhNRavMIuLAhwQI9To0TM4pONBMbvoyA4KhD3Njzx6D:ex+c5P2iNS9ZPysBMcz3Nj
Score: 10/10

- Detects BazaLoader malware
  BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext