General
-
Target
tuesdacrypted.exe
-
Size
1.5MB
-
Sample
210114-t5jsrt8rn2
-
MD5
3a84b77974a6ec15009a18042c369b11
-
SHA1
e77f891790b4f4f2728cd687c3ffd99d263d0e31
-
SHA256
f74176506b2de80c22ba193508413540b9b13ca4ab364ecba8ae97120adb3ec3
-
SHA512
49cd9bd37a3aa701dc3bc16fa7d311ba57b8519124168f00526fd321ab96d9b2ccde654fad4da5c0c24f57c79884271756d07db6c746273c44dfe9eaa3a22d85
Static task
static1
Behavioral task
behavioral1
Sample
tuesdacrypted.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
tuesdacrypted.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
185.222.57.68:5200
Targets
-
-
Target
tuesdacrypted.exe
-
Size
1.5MB
-
MD5
3a84b77974a6ec15009a18042c369b11
-
SHA1
e77f891790b4f4f2728cd687c3ffd99d263d0e31
-
SHA256
f74176506b2de80c22ba193508413540b9b13ca4ab364ecba8ae97120adb3ec3
-
SHA512
49cd9bd37a3aa701dc3bc16fa7d311ba57b8519124168f00526fd321ab96d9b2ccde654fad4da5c0c24f57c79884271756d07db6c746273c44dfe9eaa3a22d85
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-