General
-
Target
e6b478f5fc73dc7318854399abf505e3.exe
-
Size
908KB
-
Sample
210712-ph3743epr2
-
MD5
e6b478f5fc73dc7318854399abf505e3
-
SHA1
802fb03026a04b4027c3ff7fdf521d08195f8163
-
SHA256
99f6194509980cce34f244d9dbca6d6931f47a02361db73e0f2fc1fa103c997b
-
SHA512
9f94e00e1b30130e06749868dc5e492b74f47a67169b5e064ab09fc51fba01e4583adf0b3e730852bba272cfb6d7395f8d6c0078addb59f4b6cdd3c1874ae3d4
Static task
static1
Behavioral task
behavioral1
Sample
e6b478f5fc73dc7318854399abf505e3.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
e6b478f5fc73dc7318854399abf505e3.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Targets
Target
e6b478f5fc73dc7318854399abf505e3.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-