General
-
Target
STATEMENT OF ACCOUNT_2021-10-04989829.exe
-
Size
415KB
-
Sample
211005-qsy95ahgh7
-
MD5
ba089fe4546d19803adad582ca6f2ec5
-
SHA1
32c00e95b5f398c7bb7261feb35290e34c59d21f
-
SHA256
014cd6b5ea8a3b792f7f8926eab05f857fa548a5c75bb6a2c0292f71536cb228
-
SHA512
1b443fd3bdbe05de713311c867ef4b5c73d21eabcd9d89c4df5ad6e78c06c0cf390f52e04cd25a74754bf9cbe007e5abf25787f2dcb089bb66f929b2b0f93592
Static task
static1
Behavioral task
behavioral1
Sample
STATEMENT OF ACCOUNT_2021-10-04989829.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
STATEMENT OF ACCOUNT_2021-10-04989829.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
176.126.86.243:2021
Targets
-
-
Target
STATEMENT OF ACCOUNT_2021-10-04989829.exe
-
Size
415KB
-
MD5
ba089fe4546d19803adad582ca6f2ec5
-
SHA1
32c00e95b5f398c7bb7261feb35290e34c59d21f
-
SHA256
014cd6b5ea8a3b792f7f8926eab05f857fa548a5c75bb6a2c0292f71536cb228
-
SHA512
1b443fd3bdbe05de713311c867ef4b5c73d21eabcd9d89c4df5ad6e78c06c0cf390f52e04cd25a74754bf9cbe007e5abf25787f2dcb089bb66f929b2b0f93592
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-