General
Target
1c2e2cbb43d0e1fb959efad9fb85730d708ca9a4e55fda7fcd1eb54f4c9b4533
Size
349KB
Sample
210713-vv3wvvhmlx
MD5
fdfe68e39f18af54ae5bcae5c592be08
SHA1
fbebee446990f1c6e870589ffba1c6b0bab07e87
SHA256
1c2e2cbb43d0e1fb959efad9fb85730d708ca9a4e55fda7fcd1eb54f4c9b4533
SHA512
e9c3425a36e924cfa8779d47213881fcfd79e6dcfe021af0d0a3a667ea20ef0579601b37bf63dbe2e92142d864fab0862c93096a12686c6c255f57e0ccf3df16
Static task
static1
Behavioral task
behavioral1
Sample
1c2e2cbb43d0e1fb959efad9fb85730d708ca9a4e55fda7fcd1eb54f4c9b4533.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
1c2e2cbb43d0e1fb959efad9fb85730d708ca9a4e55fda7fcd1eb54f4c9b4533.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
gecisdiktatura.chickenkiller.com:5200
Targets
Score
10/10
Suspicious use of NtCreateProcessExOtherParentProcess
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application