General
Target: Swift.exe
Size: 838KB
Sample: 210413-g4mpxhbp5a
MD5: 4832512b0139507f1a4d1a9bcb9858ee
SHA1: 386eac6f001a27066eb01bc5dd89930572b72a95
SHA256: b59b27b89189fc7fd98bc8f8a70d7d500907439cba4303c1eb812532fa2bc96f
SHA512: 41bc5d6d1debd31c438f92c3acd656ccc5355dbe887cde06b4cb5d6f1a203cb1444757d587eafbcb49e417578f588a8724f38427859c7a63cc31be8cf08fc99b
Static task: static1
Behavioral task: behavioral1
  Sample: Swift.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Swift.exe
  Resource: win10v20210408
Malware Config
Extracted
warzonerat
cbngroup.duckdns.org:38050
Targets
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
-