General
Target: fb522d468e6fc7187053a57e8300381b.39185e27ea4210a3aa070dadbe91575c891603d8.primary_analysis_subject
Size: 11KB
Sample: 211012-mh3ysacah8
MD5: 4edaec478702c9ae33b3b016214c1288
SHA1: 7bc282f3f7dae5edd327c470a35eb7445526c92c
SHA256: 8c2d5674630a01a7f4cea1a683081412200ecbe413a80dbe922d9eefc66fa587
SHA512: 5ca95bba278dfc397f03ac83e6d3fbcbb733ed4571f90b8fe3ca0955c9087d142479bfdd9e0511e14dee0dcda792be07342814620bbaeb6d43caa46b05c417cd
Static task: static1
Behavioral task: behavioral1
Sample: primary_analysis_subject.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: primary_analysis_subject.exe
Resource: win10-en-20210920
Malware Config
Extracted
warzonerat
mondaynew22.3utilities.com:3645
Targets
Target: primary_analysis_subject
Size: 295KB
MD5: fb522d468e6fc7187053a57e8300381b
SHA1: 39185e27ea4210a3aa070dadbe91575c891603d8
SHA256: 6062a0392b4b785d926964a9d535a78775770fde2acf70489a13f6ea2ff811d1
SHA512: a25138d1f5ae3801fbb1e3020582c3980237321ff2bc647a153b7496d1154008ef4efc057e76a3c64f27c083d83220589e45f9f7e4e571f869a7fe05c740c57a
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext