General
Target
32a3a8f36c4cab6e28a646f7db8659f132a98f2b7169155e543ec1e024dfc211
Size
1.9MB
Sample
211007-g7wccacbel
MD5
6d883d583924bab2b456690401265966
SHA1
b329b0209511e4f7a22a4de4b9f34b022202c3a5
SHA256
32a3a8f36c4cab6e28a646f7db8659f132a98f2b7169155e543ec1e024dfc211
SHA512
8a5faa79307c7eafdc2f753f2f39f914920d32cf5941da4f18876e06d920d46f6b05c18b67396e1c66abbfdfb41949a081c9309562ec7f41686e2eaed00ab1a3
Static task
static1
Behavioral task
behavioral1
Sample
32a3a8f36c4cab6e28a646f7db8659f132a98f2b7169155e543ec1e024dfc211.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
23.94.199.19:5144
Targets
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Sets DLL path for service in the registry
Drops startup file
Loads dropped DLL
Modifies WinLogon
Drops file in System32 directory