General
Target
Statement SKBMT 01578.exe
Size
1.1MB
Sample
210723-w5cx85a9ss
MD5
b2cd4e8f0a79d8953255bef56fb15bb1
SHA1
38f857bbc3bb63418fad5474b5b315ec8688144e
SHA256
857dd518ef3c65847d22cec214d81cc0e2ca2259915a7308c0b2ff2c58023082
SHA512
771a158731332e72c848a10ad87b928317cdc83026813e6651ffa173875182059580f1092d953f417974be18252ee7de19016ee9a65f6fbf16392ad0515ee010
Static task
static1
Behavioral task
behavioral1
Sample
Statement SKBMT 01578.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Statement SKBMT 01578.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
103.133.109.176:7600
Targets
Target
Statement SKBMT 01578.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Loads dropped DLL
Suspicious use of SetThreadContext