General
Target: new order 2400 kgs Rab01.r20
Size: 224KB
Sample: 210916-txvpaagfbn
MD5: 612a884c54d5d39cad07838d30d89059
SHA1: a2a765582277881ffe77fbd0bb38bc16de889139
SHA256: fd56f8b43cd591ad84e41fbb54b17d689e011b15682b64da77ea4ddd9a3975e7
SHA512: 73689bd49b07331b0b57050b7e1b0c03b49efdf9f0ad23e3252423cdf7087f593847f7735d18e28fc9abbd6113547c1b075d0ca1ebec0c5468a9e661d3f0513f
Static task: static1
Behavioral task: behavioral1
Sample: new order 2400 kgs Rab01.scr
Resource: win7-en
Malware Config
Extracted
warzonerat
warzonepw.ddns.net:6476
Targets
Target: new order 2400 kgs Rab01.scr
Size: 511KB
MD5: ba549f38762c8cd2f324e2b83a859941
SHA1: bc169ac418ddbc27aa30ff8604bda9dea108701e
SHA256: 25f47ed157aa94606c83548e5a8f345d88374f9514ee89a5ab96ca77b5aebb18
SHA512: 744b7f47e80a44726aee322be7f685c07575ab0b2fe0a6da0a2d0820354bbb1bf85731094576e6442af9a55a147f0726fdb04fd9079f10fc2ba98067b5347a00
- Modifies WinLogon for persistence
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Loads dropped DLL
- Suspicious use of SetThreadContext