General
Target: sample _ list.ace
Size: 279KB
Sample: 210722-gdqr9krj2s
MD5: a1302b11b26a4e7d31a36d5d4a711d2c
SHA1: b9fca4b04e35b3f2b3c185ae631b4eb6d295df2b
SHA256: 11daf2061e6239ea6c68db36371ace9433dfb783a768a2d7281dba0e58ead375
SHA512: e105d36ae26aef40a2bdf13a90375539a8dda0d30bb4d70d291f0b313d1c271daae984cddc6b5e23f9c00f0d6434c5ba3d3ef8d4188a273be91f6b6ad41cec8f
Static task: static1
Behavioral task: behavioral1
Sample: sample & list.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: sample & list.exe
Resource: win10v20210408
Malware Config
Extracted
warzonerat
msteel1759.ddns.net:47680
Targets
Target: sample & list.exe
Size: 675KB
MD5: e5d9171fcddcb7ad12ba356039f961ae
SHA1: a093a11278a11d9db0d648fec160ad1b8217ffe4
SHA256: 52477714f4d4870a73c7ea42a240b4191e895860f0268ef16b5f0c49d338447d
SHA512: dfe707354f4c8bac9f9190e04f6775ddaeb9ac1e04baf54f341617cb56e4b10fee63a0df746cff0d1f8b6380e7bb7c097f1235e0779f28d9f17dbb83d649e975
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext