General
Target
New Order_R43YZIr0C8E62iK.exe
Size
291KB
Sample
210713-3xezby24as
MD5
c2defdcd91b04ece9e34bee77d0f5adc
SHA1
14b0616035e2fef2c4dc9ab4ba9b5f23b159c361
SHA256
344411537546f4601fe7f667f8cd82cb0aa92da98581ea055b66d49ed16ebd89
SHA512
41665255975bf4a392f50455b7640e77e42ee1aa505a60fa4d5b620d9ce4193832362d6159193319a0029109f6602b0ef7f78fbf20de667f773efd67b5e08c25
Static task
static1
Behavioral task
behavioral1
Sample
New Order_R43YZIr0C8E62iK.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
New Order_R43YZIr0C8E62iK.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
185.105.236.179:1975
Targets
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext