General
Target: SecuriteInfo.com.Trojan.Packed.24465.12290.29943
Size: 129KB
Sample: 210412-3q7evv6jmj
MD5: 84316bd8a6b69472115faadfc446253f
SHA1: 03c9c3263f71654173e55c7074434a75f487f2b7
SHA256: 6d33f52ccba4dfd0f6ae6559d49f85bfbdb94560dc321cd09defa7d1278773cf
SHA512: f41d95d145739bc6688e04591db864c2e78cada2570d05364bdf3289fb466ce734dbb419662e3c8cae4b73f0da7113c7782a6a415791b7b1d8e3db0996680ad0
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Packed.24465.12290.29943.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.Packed.24465.12290.29943.exe
Resource: win10v20210408
Malware Config
Extracted
warzonerat
148.251.48.16:5200
Targets
Target: SecuriteInfo.com.Trojan.Packed.24465.12290.29943
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Drops startup file
Suspicious use of SetThreadContext