General
-
Target
Scan-2021-10-06-89388399008827829020287278299276678292026368298.rev
-
Size
273KB
-
Sample
211007-1cwjeadbcr
-
MD5
d68ea4b0a267dfc79bed85cc70076c2e
-
SHA1
68ec2702ba2afb739b2f5dc0f1b90070dfca93c2
-
SHA256
e32e27ecb69ca65b8bcb23a748da370c3cd306bbe4d186d840b2632187b12109
-
SHA512
c2bb843d4127cebb778a884deb553e3d002121c20025be6c62d4d43859094674bb075f3aa88cf6454d84d7699f7ae7f86875ec71b821f870bd0436671c18e8e7
Static task
static1
Behavioral task
behavioral1
Sample
Scan-2021-10-06-89388399008827829020287278299276678292026368298.bat.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
176.126.86.243:2021
Targets
-
-
Target
Scan-2021-10-06-89388399008827829020287278299276678292026368298.bat
-
Size
334KB
-
MD5
4176461be62d517adba95d7ab909e7bb
-
SHA1
e53120f9ad641252e41aa677de123152cd72215f
-
SHA256
4bd74f7785ffaf625efdf131775b504966321554e008bd156002f857f866d458
-
SHA512
4e959c76fdd76d5907c467da5168574e1bf320e7c47dec95c20a4e8f87a95c4e69fbbd5f454082295cb0f457f2d1d070d35d364868dfef9e390e1e2075ea07ed
Score
10/10
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-