General
Target: fa1e0286fe931a971f5165990a8d6b00
Size: 735KB
Sample: 210710-k3p8mq6xla
MD5: fa1e0286fe931a971f5165990a8d6b00
SHA1: edb4a1e8019a2fa424b4907e3f52fa9184d3ea46
SHA256: c877097a2a3852b34c2ee4b0c7b2f5c7a3dc5313570e0680e04adea7e44201ef
SHA512: 0ebcc51cf20aa91fca1a157ab1a29ee9202e1ac24325b5d8887f2a44c4f259a8521318c48ad29087f2ddd658d01c7ccd5b580d8151ff108dafa1057e5e1defa0
Static task: static1
Behavioral task: behavioral1
Sample: fa1e0286fe931a971f5165990a8d6b00.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: fa1e0286fe931a971f5165990a8d6b00.exe
Resource: win10v20210408
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Targets
Target: fa1e0286fe931a971f5165990a8d6b00
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext