General
Target
5289ee592197e853ca284d082bd0355e
Size
371KB
Sample
210716-6h8wjpc416
MD5
5289ee592197e853ca284d082bd0355e
SHA1
32b33a3e0c77a5bd9a09ac35e9d237db2782609e
SHA256
d966b0be571e5da5143ec930b1cf99c053412ecfdb76d46b16ba811c16e9eb8b
SHA512
9a7d715e0e9d0a199aa2a40c4c193accdd12105908d62db2a0e46100b9518b4479afe7c3f8b4ba1922e6874fd3041987e6334bc4964546e97684f02e09a0f63a
Static task
static1
Behavioral task
behavioral1
Sample
5289ee592197e853ca284d082bd0355e.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
5289ee592197e853ca284d082bd0355e.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Targets
Target
5289ee592197e853ca284d082bd0355e
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext