General
-
Target
SecuriteInfo.com.Trojan.Packed.24465.17731.23605
-
Size
128KB
-
Sample
210412-ndd926mbba
-
MD5
5c09522de5f3253871d318ba84094b2e
-
SHA1
c783db9c74006be5933fa057f2ff532b60392b94
-
SHA256
872ac5743d339a60af70e0b933a15c4c68f5e40b168c3b5ef444cf280673ee42
-
SHA512
e850c6daaa4809a8204c3f5a346a2ba89477048e0458de040f516d8e4506101ff04f43400e6daf8f7d1fa249f92e1bdd79448232d78b254b1845223413dd4f4c
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Packed.24465.17731.23605.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.Packed.24465.17731.23605.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
148.251.48.16:5200
Targets
-
-
Target
SecuriteInfo.com.Trojan.Packed.24465.17731.23605
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Executes dropped EXE
-
Drops startup file
-
Suspicious use of SetThreadContext
-