General
-
Target
6fad4976da2bd04abe815d5d70abcb59.exe
-
Size
328KB
-
Sample
210419-7lbx5rs8m6
-
MD5
6fad4976da2bd04abe815d5d70abcb59
-
SHA1
efd9f13ce017f7da924f24c6a101c8e79a2cc01c
-
SHA256
b63510ef1f908a56031aa259b42890edd4fea137cbfcc32cd3855b6f77e4a31f
-
SHA512
e1eba88f62771fdeeac6f7e6b0cbd63ec72bbe294290ccb42bf5ef52d362f1d879ef757e3e95265295101410d51f6c466ec2e213e824d901d3374e9f5d1de430
Static task
static1
Behavioral task
behavioral1
Sample
6fad4976da2bd04abe815d5d70abcb59.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
6fad4976da2bd04abe815d5d70abcb59.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
cbngroup.duckdns.org:38050
Targets
-
-
Target
6fad4976da2bd04abe815d5d70abcb59.exe
-
Size
328KB
-
MD5
6fad4976da2bd04abe815d5d70abcb59
-
SHA1
efd9f13ce017f7da924f24c6a101c8e79a2cc01c
-
SHA256
b63510ef1f908a56031aa259b42890edd4fea137cbfcc32cd3855b6f77e4a31f
-
SHA512
e1eba88f62771fdeeac6f7e6b0cbd63ec72bbe294290ccb42bf5ef52d362f1d879ef757e3e95265295101410d51f6c466ec2e213e824d901d3374e9f5d1de430
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-