General
Target
Revised PL and CI.cab.gz
Size
336KB
Sample
211008-3fmf1sehd3
MD5
5c68cc17bada0211b31e51ba7bbc9148
SHA1
daf46a90bebf12f7531f61d830b23d20a081a780
SHA256
86e20032c67a5da99fc1b085c82687897e87c3498b6aeaad9bb47b6147315018
SHA512
dd3c7564e9bf5762ef2ab5d6e6e654f6f80993f211577fa5bbf3248ec4a642fc29a16052e7cba0c8e4667f476560c6c22fc30366b1f09220b95d09b394d01c06
Static task
static1
Behavioral task
behavioral1
Sample
Revised PL and CI.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Revised PL and CI.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
guykj.ddns.net:6783
Targets
Target
Revised PL and CI.exe
Size
796KB
MD5
149b5421cdd029886e4cbc9c67ce2707
SHA1
5c985de18acb2b521ebd57042061579ca0c994e9
SHA256
d5711e2cdb9a631e6c1cb6c94aeda58ef887aa06cd54d1856c197bef408c0035
SHA512
55390f5b8d3f9b2a4fe56a4c37d8940959524b0ffa7acaa73c47a6a867cf4dd904da2a4029c18dd7a536eb8f91743c3532fa4c1416c49491ddae4bc242d1e4dc
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application