General
Target: for 176.126.86.243.exe
Size: 113KB
Sample: 211006-jjjdzsagb5
MD5: bd5f146a5f4796e27868d4ca83dae4ee
SHA1: cfa2a086c52c94d387c0ab19b514881b47ab4490
SHA256: 066c455fdfc44d36695e2e0a97c41c25e8d2d21a90576f649159b16af4ffd860
SHA512: 5f2cfffde1a60fc3810330304611c39b8350fdc7b87e5e0e2a4186647ab8a68ca23cd5259bc3672db0c3505ff9fcccad5797f511531a7eabc6bc56b705e129a4
Static task: static1
Behavioral task: behavioral1
Sample: for 176.126.86.243.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: for 176.126.86.243.exe
Resource: win10v20210408
Malware Config
Extracted
warzonerat
176.126.86.243:2021
Targets
Target: for 176.126.86.243.exe
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Sets DLL path for service in the registry
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory