General
Target: LnkxrWO6yvd9qaJ.exe
Size: 537KB
Sample: 210115-v9538xm3vj
MD5: a9933988c3f46eef0110f5d707581e80
SHA1: 776002c8099ed9648d4ced12ba06ca4314011ba3
SHA256: a5493fcfa116bae23b26373c6aeec273c025be4798a14a2127dc134ba0b1c8b5
SHA512: d28673ad2aad7ef222c469c0f2a0354f89cb3366fd41beb2b598a4690712dea9ebe14ab568ae76ae72cb076dbb1f962912827f8d2a64f1edee3c1ceb63b89504
Static task: static1
Behavioral task: behavioral1
Sample: LnkxrWO6yvd9qaJ.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: LnkxrWO6yvd9qaJ.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
185.222.58.156:5200
Targets
Target: LnkxrWO6yvd9qaJ.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Suspicious use of SetThreadContext