General
-
Target
invoice-2013790008755.bat
-
Size
269KB
-
Sample
211014-q6d64shfe4
-
MD5
c37e3d75cffedf5dfd2710d0741012b8
-
SHA1
e0ef0f784d7be7b19d1ebe3f37bc0380061d24eb
-
SHA256
82572bb673e848ff6622ce079dd07a8434290e44499846952ddda1819d315db3
-
SHA512
c03f377264a544b2b3116b0a4036030e814b907050abd784ebe2ea9170b31c08cb0c253d077495e0b1e1266e6f02299b39d2defa7487d07af15434c9c5d90a1b
Static task
static1
Behavioral task
behavioral1
Sample
invoice-2013790008755.bat.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
invoice-2013790008755.bat.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
176.126.86.243:2021
Targets
-
-
Target
invoice-2013790008755.bat
-
Size
269KB
-
MD5
c37e3d75cffedf5dfd2710d0741012b8
-
SHA1
e0ef0f784d7be7b19d1ebe3f37bc0380061d24eb
-
SHA256
82572bb673e848ff6622ce079dd07a8434290e44499846952ddda1819d315db3
-
SHA512
c03f377264a544b2b3116b0a4036030e814b907050abd784ebe2ea9170b31c08cb0c253d077495e0b1e1266e6f02299b39d2defa7487d07af15434c9c5d90a1b
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Sets DLL path for service in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-