General
Target: Fattura di errore.exe
Size: 958KB
Sample: 210408-hdycvwlcge
MD5: 6546bd083796d7fa2f20246a4bffc82b
SHA1: 06d4a96dae07bf99da76cc57585eae0dca31053c
SHA256: 14e98f487bcb81ea810e155c7917d298d4ebbc674c795439a1cfa3775f85a679
SHA512: 9da93507ae7c83cf85486dc4dd82f3389088622105e0c9da3c0d436f543f8050b992222efccc335ae66d9ba1db5d99d080d9a07fc70bb7d6522ef22c5ffa2784
Static task: static1
Behavioral task: behavioral1
Sample: Fattura di errore.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Fattura di errore.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
104.209.133.4:7500
Targets
Target: Fattura di errore.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Suspicious use of SetThreadContext