General
-
Target
a4596b039ec21394b6f5a7032f9b4b50.exe
-
Size
383KB
-
Sample
210716-lpjed2mq46
-
MD5
a4596b039ec21394b6f5a7032f9b4b50
-
SHA1
15604020db19962ef579ecde885f2516a48c4b99
-
SHA256
401bce69b94fd198482a5e4c760570afd0e6b85e64871894a4796acd5aeedd48
-
SHA512
877dab806cee2cb874c482f3c0f3240d4423ff1446371a4318f37831845f7fac6de395a301505f587d3dc287f2c193fa102c43c90202999087c6beddf98ef9af
Static task
static1
Behavioral task
behavioral1
Sample
a4596b039ec21394b6f5a7032f9b4b50.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
a4596b039ec21394b6f5a7032f9b4b50.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Targets
-
-
Target
a4596b039ec21394b6f5a7032f9b4b50.exe
-
Size
383KB
-
MD5
a4596b039ec21394b6f5a7032f9b4b50
-
SHA1
15604020db19962ef579ecde885f2516a48c4b99
-
SHA256
401bce69b94fd198482a5e4c760570afd0e6b85e64871894a4796acd5aeedd48
-
SHA512
877dab806cee2cb874c482f3c0f3240d4423ff1446371a4318f37831845f7fac6de395a301505f587d3dc287f2c193fa102c43c90202999087c6beddf98ef9af
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-