General
Target
f715cbfd600310bad1abdc5eef807397.exe
Size
1.5MB
Sample
210430-7xtmfk7nme
MD5
f715cbfd600310bad1abdc5eef807397
SHA1
683cd0b5c787067a31457e9594f19819f4eacd6a
SHA256
319c3633ab3522463e5a5126a5c2f059fca793cdb64d75865965557ecedd45bd
SHA512
bf614da2f0c484096e3c5fd8dd005234e701543a1b0f6f55588da21439518d08db571b837d64b75863db904308e22448e955c146cea990fe9a6436b31b05aeb3
Static task
static1
Behavioral task
behavioral1
Sample
f715cbfd600310bad1abdc5eef807397.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
f715cbfd600310bad1abdc5eef807397.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
162.251.165.185:5200
Targets
Target
f715cbfd600310bad1abdc5eef807397.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Suspicious use of SetThreadContext