General
Target: Order Drawing.exe
Size: 219KB
Sample: 210520-bvae9crg8j
MD5: ba238aab80697e0c6479431b775fd98b
SHA1: c8ecc52cc128a599eecb34b51e3dcf4f5fd17aae
SHA256: 316defa7aba9f42e2e5adc55ba4669303c1a341b68d2e6cf8e1ae3807cbac1e7
SHA512: df586609464c65db8611180694e28df39179d0f18c557806ccc32c1bfcb6ef69a1de5dd7759574f5a16a0e3663ad28da884660d2d6ef13eba4fadc08678981f0
Static task: static1
Behavioral task: behavioral1
  Sample: Order Drawing.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Order Drawing.exe
  Resource: win10v20210410
Malware Config
Extracted family: warzonerat
C2: 180.214.238.96:5200
Targets
Target: Order Drawing.exe
Size: 219KB
MD5: ba238aab80697e0c6479431b775fd98b
SHA1: c8ecc52cc128a599eecb34b51e3dcf4f5fd17aae
SHA256: 316defa7aba9f42e2e5adc55ba4669303c1a341b68d2e6cf8e1ae3807cbac1e7
SHA512: df586609464c65db8611180694e28df39179d0f18c557806ccc32c1bfcb6ef69a1de5dd7759574f5a16a0e3663ad28da884660d2d6ef13eba4fadc08678981f0
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat (also tracked as AveMaria) is a native Windows RAT written in C++, sold as malware-as-a-service (MaaS) with multiple plugins.
- Warzone RAT Payload
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
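As an added example (not part of this sandbox report and not the sandbox's own tooling), the Python helper below turns the indicators on this page into two triage checks: it hashes a candidate file with the same four algorithms listed under General and reports which of the published digests it matches, so you can confirm you are holding the same sample before detonating it; and it scans connection log lines for traffic to the C2 endpoint extracted from the WarzoneRAT config. The log format (`<timestamp> <src>:<port> -> <dst>:<port> <proto>`) and the sample lines are constructed for the example, not captured traffic; the `match_port` switch is an assumption about how you want to pivot on the indicator, not anything the report states.

```python
import hashlib
import re
from typing import Dict, Iterable, List, Set

# Indicators copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "ba238aab80697e0c6479431b775fd98b",
    "sha1": "c8ecc52cc128a599eecb34b51e3dcf4f5fd17aae",
    "sha256": "316defa7aba9f42e2e5adc55ba4669303c1a341b68d2e6cf8e1ae3807cbac1e7",
    "sha512": (
        "df586609464c65db8611180694e28df39179d0f18c557806ccc32c1bfcb6ef69"
        "a1de5dd7759574f5a16a0e3663ad28da884660d2d6ef13eba4fadc08678981f0"
    ),
}
C2_HOST = "180.214.238.96"  # extracted WarzoneRAT config
C2_PORT = 5200


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest data with every algorithm the report publishes a value for."""
    digests = {}
    for name in REPORT_HASHES:
        h = hashlib.new(name)
        h.update(data)
        digests[name] = h.hexdigest()
    return digests


def matching_algorithms(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Set[str]:
    """Return the names of the algorithms under which data matches the report.

    An empty set means the file on disk is not the sample the report describes
    (wrong download, repacked variant, or a different file with the same name).
    A partial match would point at a transcription error in the published
    digests; either way, resolve it before detonating.
    """
    actual = hash_bytes(data)
    return {name for name, digest in expected.items() if actual[name] == digest.lower()}


# Constructed log format (an assumption for this example, not a real sensor's output):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[0-9.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[0-9.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)

# Constructed sample lines: two beacons to the extracted C2, one unrelated TLS
# connection, one hit on the C2 host but a different port, and one junk line.
SAMPLE_LOG = """\
2021-05-20T10:01:02Z 10.0.0.15:49712 -> 180.214.238.96:5200 tcp
2021-05-20T10:01:05Z 10.0.0.15:49713 -> 93.184.216.34:443 tcp
2021-05-20T10:01:30Z 10.0.0.22:52011 -> 180.214.238.96:5200 tcp
2021-05-20T10:02:00Z 10.0.0.15:49714 -> 180.214.238.96:80 tcp
not a log line
""".splitlines()


def find_c2_connections(lines: Iterable[str], host: str = C2_HOST,
                        port: int = C2_PORT, match_port: bool = True) -> List[dict]:
    """Flag connections to the extracted C2.

    match_port=True keys on host and port exactly as extracted from the config.
    match_port=False also catches the same host on other ports, which is noisier
    but survives an operator moving the listener.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed or unrelated line: skip rather than crash the sweep
        if m["dst"] != host:
            continue
        if match_port and int(m["dport"]) != port:
            continue
        hits.append({"ts": m["ts"], "src": m["src"],
                     "dport": int(m["dport"]), "proto": m["proto"]})
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("hash match:", matching_algorithms(fh.read()) or "none")
    for hit in find_c2_connections(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} -> {C2_HOST}:{hit['dport']} ({hit['proto']})")
```

Run it with a path argument to check a downloaded sample against the report's hashes; with no argument it sweeps the constructed log and prints the two hosts that reached the C2 on the extracted port. Comparing on all four digests rather than just MD5 matters here because MD5 collisions are cheap to produce, while an agreeing SHA256 or SHA512 settles the question.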