General
Target: 6797b19e6f2f174103c00f1fe84b3016
Size: 339KB
Sample: 210714-xqv3p214hj
MD5: 6797b19e6f2f174103c00f1fe84b3016
SHA1: 86db4e27becc779ddf5769ff861cadf72bca6a1c
SHA256: 20abe25c4f02f73cdda3e8e74187202fbdbf5fa2fd7fe92b2d1ab328b66c1950
SHA512: e157b38cbecf4dc46e1f2d0d350bae90410057f981d5f428f4c50440efaa962484ad8448576159ea505cf0fc5c602c63d66e2c8b4a2bba6b3cb4e4c980e2f711
Static task: static1
Behavioral task: behavioral1
Sample: 6797b19e6f2f174103c00f1fe84b3016.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 6797b19e6f2f174103c00f1fe84b3016.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Targets
Target: 6797b19e6f2f174103c00f1fe84b3016
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext