General
Target: Scan-2021-10-06-89388399008827829020287278299276678292026368298.bat
Size: 327KB
Sample: 211006-z42n3abeh9
MD5: 32b4f5d1c3b51f9f4db299ae1b10084f
SHA1: 54e4e00080d8a675e65bc4fe873555fd0381d935
SHA256: 80d785f64f10760466e0023c19846dbae749aac11be0433e17f7c703b220b433
SHA512: dc73933b63784da3ce6bd7f1c8f5a3b32d19ad1180a3c6b7f66da61c2c3a8119dc9d800075eb244ff45d52cfab0f5314e47b31f85846d78f3a4c700873d41ff9
Static task: static1
Behavioral task: behavioral1
Sample: Scan-2021-10-06-89388399008827829020287278299276678292026368298.bat.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Scan-2021-10-06-89388399008827829020287278299276678292026368298.bat.exe
Resource: win10v20210408
Malware Config
Extracted
warzonerat
176.126.86.243:2021
Targets
Target: Scan-2021-10-06-89388399008827829020287278299276678292026368298.bat
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext