General
Target: trialerror.exe
Size: 382KB
Sample: 211028-mq2qpacbe7
MD5: 20d8aa33ef434402409f324347a0ec7d
SHA1: c0229260f9d86f9d84f03e157292151c7291c9cf
SHA256: 891ec551723db54320278c70e3bb92c573aed9144e9c4b3b0250ed0a5af3d962
SHA512: f95c0fdd1284f9810e7140d1207ef86643ff447855e497b2023ddc066235ff19561406aa9d4a6c13f41496d5ff31e1c6b11773a676469d42c245a2b7ce472bae
Static task: static1
Behavioral task: behavioral1
Sample: trialerror.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: trialerror.exe
Resource: win10-en-20210920
Malware Config
Extracted
warzonerat
85.17.126.20:5200
Targets
Target: trialerror.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Nirsoft
Warzone RAT Payload
Executes dropped EXE
Suspicious use of SetThreadContext