General
Target: 1142c903a0559833481d199320d433f99a4599db90d4ba0db736a39a8729c7bf
Size: 405KB
Sample: 211005-rt2mbaacfj
MD5: 900b1c9abbab7a08f9f89b8e12fd2750
SHA1: 7e21e44ae28aa91a77771901675ec23f9e81f26e
SHA256: 1142c903a0559833481d199320d433f99a4599db90d4ba0db736a39a8729c7bf
SHA512: 890a0f440dc795090548039a82c29f0a6b0f61fc4d9e00dde785ae4d72b7c9f5801d67b1e0d8a30185eb13e5ef2798cd68b1d92c6c1b73a44eb12c03ed1f8ac8
Static task: static1
Behavioral task: behavioral1
Sample: 1142c903a0559833481d199320d433f99a4599db90d4ba0db736a39a8729c7bf.exe
Resource: win10-en-20210920
Malware Config
Extracted
warzonerat
telegrammylink.ddns.net:7754
Targets
Target: 1142c903a0559833481d199320d433f99a4599db90d4ba0db736a39a8729c7bf
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Suspicious use of SetThreadContext