General
-
Target
Scan-2021-10-06-89388399008827829020287278299276678292026368298.exe
-
Size
349KB
-
Sample
211007-fk9e1scbap
-
MD5
393057b6f48539e0e740349a43b13a6a
-
SHA1
96824dcbce0bcd6ae3298b1eeb425381f93267a7
-
SHA256
a219440a18c85fe668a060a26192f359b7b881bae02e6871baadd89b7019da9c
-
SHA512
d05059a2c422093a722ffd8f5de53c40b0343ecfd21322a3a692146bbb5aaaa72a7cb434d6941f01812e98ccf01c16d1226bf4a767476de9ca751b8dff79e11c
Static task
static1
Behavioral task
behavioral1
Sample
Scan-2021-10-06-89388399008827829020287278299276678292026368298.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Scan-2021-10-06-89388399008827829020287278299276678292026368298.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
176.126.86.243:2021
Targets
-
-
Target
Scan-2021-10-06-89388399008827829020287278299276678292026368298.exe
-
Size
349KB
-
MD5
393057b6f48539e0e740349a43b13a6a
-
SHA1
96824dcbce0bcd6ae3298b1eeb425381f93267a7
-
SHA256
a219440a18c85fe668a060a26192f359b7b881bae02e6871baadd89b7019da9c
-
SHA512
d05059a2c422093a722ffd8f5de53c40b0343ecfd21322a3a692146bbb5aaaa72a7cb434d6941f01812e98ccf01c16d1226bf4a767476de9ca751b8dff79e11c
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-