General
-
Target
NN.exe
-
Size
255KB
-
Sample
210714-39n8eyarze
-
MD5
05682c1439a9ef186645263be47a805d
-
SHA1
462433cb73898afbf7fb414aa5ab6514961a1cfa
-
SHA256
47b42d2ab9e369fdc04623df63b3a2b4630eb2028bad42373d10d30d3e85fd41
-
SHA512
93414bafdcc659e94163e80895241d15341e09b5aef44d83003b68d74c6fdc3940052b4f2cc107340311e9192ffd133487c28f6d68c83fee163910bf99defc88
Static task
static1
Behavioral task
behavioral1
Sample
NN.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
NN.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
hilipizie.hopto.org:4747
Targets
Target
NN.exe
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-