General
-
Target
POVdRnvBDNdZ0tZ.exe
-
Size
727KB
-
Sample
210407-necsrhxg4j
-
MD5
9710a8a9857b099694317f05c4da703e
-
SHA1
3faa03b1a2f63f42008c0a736b8faad86f114f5e
-
SHA256
d266e212f266cc2c64e151d3543e34beaed2a3666fa215c2a88d8a042b6e9a4a
-
SHA512
e9efa72bc615bc66a1747bd4db1a979a5f70eee68e859d0d807f26b5f11018000ac4b4d953d1133a3a719dd53cf4ea1710da9a37f2da3f95f88e0cd163a50efc
Static task
static1
Behavioral task
behavioral1
Sample
POVdRnvBDNdZ0tZ.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
POVdRnvBDNdZ0tZ.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
genasispony.hopto.org:4477
Targets
-
-
Target
POVdRnvBDNdZ0tZ.exe
-
Size
727KB
-
MD5
9710a8a9857b099694317f05c4da703e
-
SHA1
3faa03b1a2f63f42008c0a736b8faad86f114f5e
-
SHA256
d266e212f266cc2c64e151d3543e34beaed2a3666fa215c2a88d8a042b6e9a4a
-
SHA512
e9efa72bc615bc66a1747bd4db1a979a5f70eee68e859d0d807f26b5f11018000ac4b4d953d1133a3a719dd53cf4ea1710da9a37f2da3f95f88e0cd163a50efc
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Suspicious use of SetThreadContext
-