General
-
Target
Acc Credentials.com
-
Size
209KB
-
Sample
210119-b7kzm7x9me
-
MD5
ad81d8d06828e2dc073ec600a761a1c2
-
SHA1
dda67e41117b0dc2fd837380bdf6f29ebc01c001
-
SHA256
67df8566558d9eab83c820ba7cc28cdcb92f1d9e4211a1205c80a5b63ef9cd54
-
SHA512
67118971c10109ef89951f833c64610c08dedeecf16670bf3436352b1b4f45afb5cbaf99397cd6543e493719f9f0524b23677d54d266bc9bfb07c5368b3ddf14
Static task
static1
Behavioral task
behavioral1
Sample
Acc Credentials.com.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Acc Credentials.com.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
iphanyi.mywire.org:5552
Targets
Target
Acc Credentials.com
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-