General
-
Target
99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7
-
Size
52KB
-
Sample
211014-xscvfsahgn
-
MD5
1bd356bd20a2de1c53bc28104ee97d18
-
SHA1
a32e710ebd3613e65fa90bd8824995bbff83794e
-
SHA256
99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7
-
SHA512
6ff5deb8b34c24fdb5eaf7bfcf155d7afeddd553d61a9d61421f34fdabb6a8d0cd89c54ef0654d79988f4c52bf148ea85acdd409e2eada88636747ea0bd85fd8
Static task
static1
Behavioral task
behavioral1
Sample
99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
185.140.53.199:5200
Targets
-
Target
99132457ab16ed22ad2581ad07c1f4bbd07c4adcb12e39e74df9d150f13c84b7
Score
10/10
-
Turns off Windows Defender SpyNet reporting
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Nirsoft
-
Warzone RAT Payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-