General
-
Target
klz4gyUavm3BYrK.exe
-
Size
589KB
-
Sample
210401-lwh7rek2dn
-
MD5
a4f1d30c779341883a5aa160f647eea6
-
SHA1
64b7e6d3afe4c776c7ce70451e9f02ffaa1e1aec
-
SHA256
f1b5c3f7c1ee438590757e114f1c379f6c3d5fc7b349cad583976106737beb61
-
SHA512
995027ec72c69dc4ce81ef07d7f3c4106f9e1fc9301dce02336fe5c99c1e941716f2e76c3d80e488368af6ea5a61eb024bd779a605e71eba1a6a4afc48257b63
Static task
static1
Behavioral task
behavioral1
Sample
klz4gyUavm3BYrK.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
klz4gyUavm3BYrK.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
genasispony.hopto.org:4477
Targets
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Suspicious use of SetThreadContext
-