General
Target: MACHINE SPECIFICATIONS.IMG
Size: 1.2MB
Sample: 210825-3t78skvqca
MD5: 79cd0a7ced1db03ea0129e054d3e865d
SHA1: fdc99dd22215625ba3f0c3479af882c5db718d8c
SHA256: 7ad82722eed02d63b24e0e99480e332d26074f9cadbacef5a653989f81bc9f7e
SHA512: 1cc1d1af7aab9e07feb45c76649879b1d43ccf0ca82ec01db263751441564c613faef8349d6ca351d7c1bdde2539704f5255d39295c63bedc2388a5e411fafe3
Static task: static1
Behavioral task: behavioral1
Sample: MACHINE_.EXE
Resource: win7v20210408
Behavioral task: behavioral2
Sample: MACHINE_.EXE
Resource: win10v20210410
Malware Config
Extracted
warzonerat
2.56.59.131:5200
Targets
Target: MACHINE_.EXE
Size: 552KB
MD5: dd29df9b14e9165a7e218ccb399934b5
SHA1: e5b3e6f043612e53cd9fbae00b93102596238f42
SHA256: 9051b63011b57f14eb413563f9ee38a2e52a41b20a1c165f2daf057eb7dc2766
SHA512: 7161a2df32c9da9823cf7bfd11874c8f71def013fc8ff12a06ac9c5c045bbba1e2d077b9f7bad32d1bbe88862804119da419f8951d5256bc57aef6cb3f393811
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Executes dropped EXE
Suspicious use of SetThreadContext