General
-
Target
Swift copy1.exe
-
Size
429KB
-
Sample
210118-yx8wa2egva
-
MD5
b4b1b341db3659557f6889b110118647
-
SHA1
74a96a1a94141a637cb25af5bb701f44900cc562
-
SHA256
92d313adba54865940c275dc40b1dfcb8a4f94996be1a2f14d1136cd202809b2
-
SHA512
b396811cec6dbe6ae177815d261a5a4e8934abc30e407af1b9e3507a316bcc1767dab3538e130fb6411045d63aeb552536037a8050d8aebd6cb6090a1ec9eb94
Static task
static1
Behavioral task
behavioral1
Sample
Swift copy1.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Swift copy1.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
185.239.242.18:5200
Targets
-
-
Target
Swift copy1.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Drops startup file
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-