General
-
Target
434c581d692f438caa4dcae3d42c32d4
-
Size
669KB
-
Sample
210915-hts6haaae6
-
MD5
434c581d692f438caa4dcae3d42c32d4
-
SHA1
6f1fc19c1c796117366d744cd33998c34bab8e6f
-
SHA256
3971845bb66080170f9c166e1fcaf497d598dcfc5fbc380f0363711fc73e0580
-
SHA512
a06dbca9c28763005dff82eda81326d455a305d32fffee0dce8b5019faa5aefaf2e15a78c151519ab032723264274c457a516acab3fafbef757714d8ad64b7e0
Static task
static1
Behavioral task
behavioral1
Sample
434c581d692f438caa4dcae3d42c32d4.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
434c581d692f438caa4dcae3d42c32d4.exe
Resource
win10-en
Malware Config
Extracted
warzonerat
pentester01.duckdns.org:60976
Targets
-
-
Target
434c581d692f438caa4dcae3d42c32d4
-
Size
669KB
-
MD5
434c581d692f438caa4dcae3d42c32d4
-
SHA1
6f1fc19c1c796117366d744cd33998c34bab8e6f
-
SHA256
3971845bb66080170f9c166e1fcaf497d598dcfc5fbc380f0363711fc73e0580
-
SHA512
a06dbca9c28763005dff82eda81326d455a305d32fffee0dce8b5019faa5aefaf2e15a78c151519ab032723264274c457a516acab3fafbef757714d8ad64b7e0
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Adds Run key to start application
-