General
Target: fa1bf2c3e92bf67c61bd482b3b4e20e9.exe
Size: 847KB
Sample: 210116-bs6n8hm542
MD5: fa1bf2c3e92bf67c61bd482b3b4e20e9
SHA1: d0f8938c1249fca3eb5d0ecb76a21bcfc3cd5bb4
SHA256: 8186a0a03d0def9de9dce80543f12336eb276a7404e9da4680c170cfdd58b03d
SHA512: 47d9a06b14652ed54dfa0cfa09b6a918537dbb3fed10ed14a313b94f66b9dbcd15d3c4cf13aa0f6b5bb3292ae91ecef4d0a4de8061af29e5a18db4bc9c3c29fd
Static task: static1
Behavioral task: behavioral1
Sample: fa1bf2c3e92bf67c61bd482b3b4e20e9.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: fa1bf2c3e92bf67c61bd482b3b4e20e9.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
79.134.225.23:5200
Targets
Target: fa1bf2c3e92bf67c61bd482b3b4e20e9.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext