General
Target
ac5f0a5529dddc9aa2b0e2d515a048d3
Size
819KB
Sample
210915-hrjjaadahm
MD5
ac5f0a5529dddc9aa2b0e2d515a048d3
SHA1
fc635c251279497b8f9c044ce0913b9329db1f36
SHA256
6ecbffba7ebc7a31d27bcbd81a37468d881f34af3a84ca2ca7eacae5b56f23bd
SHA512
04dc560fd3f776ccc0ed3ce472632ce076d1d0237fe56bca57e7322f51ea96e1ae474bb55c548dd02c1abe65da7af9886a3818dd73eaa0d0e14bb43fce408579
Static task
static1
Behavioral task
behavioral1
Sample
ac5f0a5529dddc9aa2b0e2d515a048d3.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
ac5f0a5529dddc9aa2b0e2d515a048d3.exe
Resource
win10-en
Malware Config
Extracted
warzonerat
79.134.225.39:1990
Targets
Target
ac5f0a5529dddc9aa2b0e2d515a048d3
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext