General
-
Target
f390fd6e97ea6bc9529d434d7e196bae271cff79eaec0cf97afcd26556c0c4f0.zip
-
Size
361KB
-
Sample
210727-q7myr8jwv2
-
MD5
9d9deac65f461007689fdde89499d6f3
-
SHA1
be68ad1ba8ef46bc9c22a4f59f69a536c12753a2
-
SHA256
cbb6e29afb4dd742ae2e834e22a640cf19f31413f2678989fdd7ed5e2ce0d12a
-
SHA512
7e6dab97160fd31ca2de1f9e9f3f550271e4c06ed4e663b0ed955b4f7427ec459cb4e969dc088e1e14c4f3a2be3352d8b5e8f3083057fc7884c42281746ca174
Static task
static1
Behavioral task
behavioral1
Sample
f390fd6e97ea6bc9529d434d7e196bae271cff79eaec0cf97afcd26556c0c4f0.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
f390fd6e97ea6bc9529d434d7e196bae271cff79eaec0cf97afcd26556c0c4f0.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
warzonne.publicvm.com:22649
Targets
-
-
Target
f390fd6e97ea6bc9529d434d7e196bae271cff79eaec0cf97afcd26556c0c4f0
-
Size
495KB
-
MD5
3e5de00abc1894db32e6eb3738ca9321
-
SHA1
6416b26038423c0cf2ffd274f3578b52d359ee2d
-
SHA256
f390fd6e97ea6bc9529d434d7e196bae271cff79eaec0cf97afcd26556c0c4f0
-
SHA512
e1fb5eda0b909563933761d7aa0f21df574e616f9c40bbb08141acae89a04f372709eaf1d85577d5380121ca4cb3ccf7b7bafd23b2cf19f1af156f5df42ab7b6
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-