General
-
Target
SecuriteInfo.com.ArtemisB23AF6C6F1A9.18153.5594
-
Size
1.8MB
-
Sample
210412-dlk395xdxj
-
MD5
b23af6c6f1a909df7d67de1e4c2aaa8c
-
SHA1
197d74e8a1d544f8e58b576b7a9944cf3dc1e802
-
SHA256
98bfe099448bb6fd9805a64eef2cdcf84c7ea5ac8112540d5f21cc5e8294ed94
-
SHA512
d3999e3c3e0490044ac8f7b9f5ee597381cdd549556a2678efe6ae506f6e1386a89beb0c7367ff2a25db07afc5ec6b7f7d4f665c8990daf420637b1f517c5626
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.ArtemisB23AF6C6F1A9.18153.5594.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
SecuriteInfo.com.ArtemisB23AF6C6F1A9.18153.5594.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
101.99.91.200:5200
Targets
-
Target
SecuriteInfo.com.ArtemisB23AF6C6F1A9.18153.5594
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Sets DLL path for service in the registry
-
Drops startup file
-
Loads dropped DLL
-
Modifies WinLogon
-
Drops file in System32 directory
-