General
-
Target
413a47af466113b07495cb5bbd3b6439.exe
-
Size
350KB
-
Sample
210715-pmwa3brgt2
-
MD5
413a47af466113b07495cb5bbd3b6439
-
SHA1
5c071fc04f4de72f97cdabef4d02f99d4f12a0a8
-
SHA256
691c75376ade3956492197d79853cab8eb38dca6dc2a7c2be3d4f28f445a3d2b
-
SHA512
c01c054ff55ce4aed76f06c7a75e9a77b4652e5a1696c3e97427419bff50f6726f45dfc142391b22736840700b167e9602cc0628e9bd87b4e0afbf0012e4995b
Static task
static1
Behavioral task
behavioral1
Sample
413a47af466113b07495cb5bbd3b6439.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
413a47af466113b07495cb5bbd3b6439.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Targets
-
-
Target
413a47af466113b07495cb5bbd3b6439.exe
-
Size
350KB
-
MD5
413a47af466113b07495cb5bbd3b6439
-
SHA1
5c071fc04f4de72f97cdabef4d02f99d4f12a0a8
-
SHA256
691c75376ade3956492197d79853cab8eb38dca6dc2a7c2be3d4f28f445a3d2b
-
SHA512
c01c054ff55ce4aed76f06c7a75e9a77b4652e5a1696c3e97427419bff50f6726f45dfc142391b22736840700b167e9602cc0628e9bd87b4e0afbf0012e4995b
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-