General
-
Target
Scan-2021-10-06-89388399008827829020287278299276678292026368298.rar
-
Size
271KB
-
Sample
211006-pz7peabdcm
-
MD5
53a333afc9e2d17c694dce3d4dfd624b
-
SHA1
f49ee7b8c4822abf5001ddb96883293ddebabb54
-
SHA256
f91a7391c327872d1710fbc029df3dec595c25391a9868424bf15a35df6c7a12
-
SHA512
bc3d24ea87638a7ae6d6f8234c1de3adb2f76d785e182a6123401733ed9324522072119507d1e1795ff46928dd29660f125fabdaf50946d874583519342d85b5
Static task
static1
Behavioral task
behavioral1
Sample
Scan-2021-10-06-89388399008827829020287278299276678292026368298.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Scan-2021-10-06-89388399008827829020287278299276678292026368298.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
176.126.86.243:2021
Targets
-
Target
Scan-2021-10-06-89388399008827829020287278299276678292026368298.exe
-
Size
348KB
-
MD5
d2e6ca1485ffb92f2dfdc135ab845e8f
-
SHA1
fbb8942df10a6fea69c0118abc5c7922fa50cb6b
-
SHA256
31d22d9871d06497c9894e32a0009bb572897757ce994ac71cde29135f0c1e55
-
SHA512
cfdbcf874c334aca0417117687462bfe121974a4fd64fd9d01eb093587a5c6ceab59a896975a982a2f2e9c323cb4f5e9617895ed5966d57686b068ce5b504a6e
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-