General
Target: 05b6108362c6bf38f974b2467432551c76f9157cc8f769b761467a7d08d65e7a
Size: 635KB
Sample: 211022-vhqmfscgek
MD5: e0d44889025f8d1b656ed515e9e32028
SHA1: aadb9181b5df4ef8d0850cc3db0bf8f3b32c4758
SHA256: 05b6108362c6bf38f974b2467432551c76f9157cc8f769b761467a7d08d65e7a
SHA512: 0fe3d271168a986148a02900a7019bae6b6d385c521496f6efb129a6e5ff3b4d516daf7633e602bd4d02cb7948cf5aa207867243841945564bfa905014a673de
Static task: static1
Behavioral task: behavioral1
Sample: 05b6108362c6bf38f974b2467432551c76f9157cc8f769b761467a7d08d65e7a.exe
Resource: win10-en-20211014
Malware Config
Extracted
warzonerat
grace.adds-only.xyz:2323
Targets
Target: 05b6108362c6bf38f974b2467432551c76f9157cc8f769b761467a7d08d65e7a
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Drops startup file
Adds Run key to start application
Suspicious use of SetThreadContext