General
Target: PO NUMBER 3120386 3120393 SIGNED.exe
Size: 694KB
Sample: 210412-zpa7nxmn62
MD5: 199796d8afa08570d2dcc4448c85ef57
SHA1: 573638654e04a6d364a8f742e74ce1594209a199
SHA256: 13356069fcc14e4acc6e0da16a76a8acc79767e2ebdca084ab67a7d8a559fd8e
SHA512: cb461b03e64f094206d6efd3c6be9917cfa9ba92f68917be85afada3cee2a5962b0d54070a9639f287f102068d83e14dedbf163f3db98199aaa5ffb0b8b629ec
Static task: static1
Behavioral task: behavioral1
Sample: PO NUMBER 3120386 3120393 SIGNED.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: PO NUMBER 3120386 3120393 SIGNED.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
engkaa.ddns.net:4545
Targets
Target: PO NUMBER 3120386 3120393 SIGNED.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Suspicious use of SetThreadContext