General
-
Target
3b377d022762ca91179f7f9ccd69d567
-
Size
819KB
-
Sample
210915-hzmwnsaag4
-
MD5
3b377d022762ca91179f7f9ccd69d567
-
SHA1
f6a8d47a3379bd0ac2cd96782ba3f7040045d5d9
-
SHA256
8ec53980cf686b472cfce52d0dc99a86ec328f2c596714b7c0468d957248ff36
-
SHA512
ac9210b72f873f2974304acea681c80d4ea24f4752f2376a1f5c6a9f9aed91264c97af31e5370a4efb8dcd5e4f8b96c601c6f972af4e8a851a77c68c3cfe9923
Static task
static1
Behavioral task
behavioral1
Sample
3b377d022762ca91179f7f9ccd69d567.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
3b377d022762ca91179f7f9ccd69d567.exe
Resource
win10-en
Malware Config
Extracted
warzonerat
engkaa.ddns.net:4545
Targets
-
-
Target
3b377d022762ca91179f7f9ccd69d567
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-