General
-
Target
Statement SKBMT 01078.exe
-
Size
1.1MB
-
Sample
210723-4hvsm71wmx
-
MD5
2ac95d271159084b2f3f66ebe2fc1318
-
SHA1
70c8964080fef2993c9a3f4cb3f6f9c8a0e10f54
-
SHA256
af96538d76a53512e82dbb6683578b7d44577307722d1c9291cf047f5f471334
-
SHA512
0619dbaa146a64851bd24c7afd04bbaf2c23e002e10a9f83a306079c6edff0e876c32c60e4fc74de64b05dd74aa24b27810572b18efdc4878426a82840649105
Static task
static1
Behavioral task
behavioral1
Sample
Statement SKBMT 01078.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Statement SKBMT 01078.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
202.55.132.213:7744
Targets
-
Target
Statement SKBMT 01078.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Suspicious use of SetThreadContext
-