General
Target: dafa.exe
Size: 349KB
Sample: 210507-vxbfx28n36
MD5: 620239d356bc0af1c8dd8846a2613424
SHA1: 0d3d341acc603593c8e060220e5e5046f987c065
SHA256: 9479384c915a5bf368753c99a365ac15a21652ee21bd5db5ccff32c6deb899f4
SHA512: 09b90b0f81f8d43ff793c606a320dbaf5fb51403ea8926be5dce42b117169bc36d71e3b500746ee71313c53a302cdeee590066d025927bb804ad8b9cc5ef0ea2
Static task: static1
Behavioral task: behavioral1
Sample: dafa.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: dafa.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
santzo.warzonedns.com:5201
Targets
Target
dafa.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext