General
Target: b9419a890ae732f44b4bbde7167aa6e559e912f8d1d7fa52fb9a70233efae334
Size: 282KB
Sample: 211025-csdrjagder
MD5: eb5005349713aa25ee7cfc2833786d56
SHA1: 900d09d685fff9b690ca50b96b5ab77449f5623f
SHA256: b9419a890ae732f44b4bbde7167aa6e559e912f8d1d7fa52fb9a70233efae334
SHA512: 6926d989e716cd958a03a49c56679725dba11b30bfb3be20ea99bfe4d4449d4ac4aa202e2fc59a99f624635191a9581bc5d97d2d7ce2ca3d95259b5524fb0164
Static task: static1
Behavioral task: behavioral1
Sample: b9419a890ae732f44b4bbde7167aa6e559e912f8d1d7fa52fb9a70233efae334.exe
Resource: win10-en-20211014
Malware Config
Extracted
warzonerat
grace.adds-only.xyz:2323
Targets
Target: b9419a890ae732f44b4bbde7167aa6e559e912f8d1d7fa52fb9a70233efae334
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Executes dropped EXE
Drops startup file
Adds Run key to start application
Suspicious use of SetThreadContext