General
-
Target
2a2c1a9885d3ef548f66188878a59fd2.exe
-
Size
684KB
-
Sample
210713-gb3aby41a2
-
MD5
2a2c1a9885d3ef548f66188878a59fd2
-
SHA1
1d480783f56c4448f074cb55a4e2e01338bfdc3b
-
SHA256
04cde0c2284cc4dc8f8a5aeadafca6819ab9d11dfb76fb7f3a2fbbf91d3c0e5d
-
SHA512
8fb432a4c3d21fcb165e0c8c42700f171cfff554045b6a3e1491db70c506bc7cbfa06ee4a18618af5c5dbf3559abb1f703b60acf88c6c5cc5c40c36d7854d1cf
Static task
static1
Behavioral task
behavioral1
Sample
2a2c1a9885d3ef548f66188878a59fd2.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
2a2c1a9885d3ef548f66188878a59fd2.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Targets
-
-
Target
2a2c1a9885d3ef548f66188878a59fd2.exe
-
Size
684KB
-
MD5
2a2c1a9885d3ef548f66188878a59fd2
-
SHA1
1d480783f56c4448f074cb55a4e2e01338bfdc3b
-
SHA256
04cde0c2284cc4dc8f8a5aeadafca6819ab9d11dfb76fb7f3a2fbbf91d3c0e5d
-
SHA512
8fb432a4c3d21fcb165e0c8c42700f171cfff554045b6a3e1491db70c506bc7cbfa06ee4a18618af5c5dbf3559abb1f703b60acf88c6c5cc5c40c36d7854d1cf
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-