General
Target: 90aced49ee9c5ce3fc9f47ba8fd7333d.exe
Size: 1.5MB
Sample: 210412-7529p6tq4j
MD5: 90aced49ee9c5ce3fc9f47ba8fd7333d
SHA1: 80aff2fec277427a40de384be7c8119a19354166
SHA256: 40d4ee1e0fa412176d826027c500bfbc29ee4c65bfd13dcec2f0facd0021399c
SHA512: 20e1d46f938eb1bf90178769074e1d6a247683d77a52776b047a4f02ad90a298dd93f641a25e9affcf08bb1a767025f70e6a628d6fa24154282abdb30b8cdecc
Static task: static1
Behavioral task: behavioral1
Sample: 90aced49ee9c5ce3fc9f47ba8fd7333d.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 90aced49ee9c5ce3fc9f47ba8fd7333d.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
101.99.91.200:5200
Targets
Target: 90aced49ee9c5ce3fc9f47ba8fd7333d.exe
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Sets DLL path for service in the registry
Drops startup file
Loads dropped DLL
Modifies WinLogon
Drops file in System32 directory