General
Target: c62b1fdc546779ba469db64d1cb60e22
Size: 113KB
Sample: 210710-r6cyrggh4s
MD5: c62b1fdc546779ba469db64d1cb60e22
SHA1: 4ed27e66827e84742e9bf004a946ef885eb63339
SHA256: 3227adef3bb92d94337e08fba6b7a73dbc93b06239d6af04625c571f6755fd6e
SHA512: 05da8cbf014406d10d9273707ac0c4524176bff8da11340a93c86380f5bcdbc95f63e0c4bc7ac072cc2a4d77972554d1e75f945943ac7b1793bf89f05e3c4197
Static task: static1
Behavioral task: behavioral1
Sample: c62b1fdc546779ba469db64d1cb60e22.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: c62b1fdc546779ba469db64d1cb60e22.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
147.124.212.196:1111
Targets
Target: c62b1fdc546779ba469db64d1cb60e22
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Sets DLL path for service in the registry
- Drops startup file
- Loads dropped DLL
- Modifies WinLogon
- Drops file in System32 directory