General
Target: 95a82f3eb6b4bfab230779e4e8afe42f
Size: 481KB
Sample: 210727-4wt2nga6d6
MD5: 95a82f3eb6b4bfab230779e4e8afe42f
SHA1: 02dede5b6fd16a83a91066fa418baaed85a96bf8
SHA256: e51033b63bf3a77604f76f2b863b0dc1f4c86d936c807c0201ea4c24950b91a2
SHA512: 24342eb4ccb2800941eda0f6e1a4ce7af1664872aeeee00db988786cb7203a632770d577fa92126832f8a247881e1602eb73a08f071178bad35c9909f6d78ba1
Static task: static1
Behavioral task: behavioral1
Sample: 95a82f3eb6b4bfab230779e4e8afe42f.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 95a82f3eb6b4bfab230779e4e8afe42f.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Targets
Target: 95a82f3eb6b4bfab230779e4e8afe42f
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext