General
Target
805eaea77ff2656f8f7b606c88bb6ddb
Size
551KB
Sample
211001-jyswzabcdp
MD5
805eaea77ff2656f8f7b606c88bb6ddb
SHA1
adf46bd41f5dbf163b32c9bf441b63e63b6e2efd
SHA256
2149c47313d418628a7749aefd919c4d77c25b754c55a99e5c3de6e8cde49344
SHA512
74d2691383d4a1e4b8b90e95008c151b2a266f77cfb1c491ec25f2b29d348f4e4ee069cd7fe0d16a77e7e9856fe75ba1fe2fd28858a37736682cbd6f9891fac1
Static task
static1
Behavioral task
behavioral1
Sample
805eaea77ff2656f8f7b606c88bb6ddb.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
805eaea77ff2656f8f7b606c88bb6ddb.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
152.67.253.163:5300
Targets
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Suspicious use of SetThreadContext