General
Target: Vessel Documents ASF.7z
Size: 378KB
Sample: 210401-6qm7h1bm92
MD5: 9e7925e9724294f19395821cd3e5d50a
SHA1: 50ed2479cd7f1a8daf629c5057f75385db08bce3
SHA256: 83364075849df0402e0c8c3f01282f3c5cd84e3e820cbc1742bc389095126d4b
SHA512: 1806049bc5e36e44d98c58c6541d40d29b2a216b646dce115fe2b8e94544cac0a5550a191a439de6b25c03f1a0398a6b741d1c7862a5400f752e553d29d942c2
Static task: static1
Behavioral task: behavioral1
Sample: Vessel Documents ASF.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Vessel Documents ASF.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
172.93.187.92:1717
Targets
Target: Vessel Documents ASF.exe
Size: 467KB
MD5: 08c6c5e68a6cc3a35e5fd0ccc2dadd5a
SHA1: d90b14169f63959dcc32606f525f633980c7def6
SHA256: 6480908a20c070a7689d55d368cff5369b0345143cd15eb93a2cf6f72f0bad83
SHA512: 2a55e7ea548ad82b767506b45632f6ce44facc39d80613f0b767d378237fdc4d818ca6e145b45f07fee275d957b5bc928745a727ab1488f57e2b038430eee3ac
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Sets DLL path for service in the registry
Loads dropped DLL
Modifies WinLogon
Drops file in System32 directory
Suspicious use of SetThreadContext