General
Target: SecuriteInfo.com.Trojan.Packed.24465.2847.19588
Size: 128KB
Sample: 210412-fwvctjvk3x
MD5: 811cba52862a62af61525f6d4c6ba768
SHA1: aa40b02a08223dcf34080757726d257156ecced9
SHA256: 71a23392365192b43b1689b784e7bf7561ad95c6aa0432e6c4635e17e63b1b9d
SHA512: 005882b4ede5c9cf9bf9a22514e0f3e5a0ff02f5e6bf680248449c34dfeca2383520781ff6a3198e27fb68e18520086bf3cc736bc75961bde0be0fc4cd1fd087
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Packed.24465.2847.19588.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.Packed.24465.2847.19588.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
148.251.48.16:5200
Targets
Target: SecuriteInfo.com.Trojan.Packed.24465.2847.19588
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Executes dropped EXE
Drops startup file
Suspicious use of SetThreadContext