General
Target: ZeAJce00z3qhR4M.exe
Size: 1.4MB
Sample: 210726-11wjazxv7e
MD5: 027d00c9ed605bfbcb8615aa0f062889
SHA1: c982c2a5ce8cbae143820ba6529b189113b4c2ca
SHA256: 71213fcacf32e5693b18d4cfcadc7ba7a03da3c84c614308037049796e58c645
SHA512: b52b3d4e1a6f0a2f61be9e3b7d28d2310037c983d9e4bb3901db8c82e2f04413e8d88bea3fbf57b9c837fa7c7495162ce7b76a0d7fb1d0e334f4848c87d5b3fb
Static task: static1
Behavioral task: behavioral1
Sample: ZeAJce00z3qhR4M.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: ZeAJce00z3qhR4M.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
84.38.133.199:5200
Targets
Target: ZeAJce00z3qhR4M.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Loads dropped DLL
Suspicious use of SetThreadContext