General
Target
PO data file from project 029452.tar.gz.exe
Size
546KB
Sample
211203-mjtrhabba4
MD5
a43e8ed3f8ecdf140209509a1ba5e166
SHA1
d2bace7e9074c37df9eb030ae12647d82175c727
SHA256
151bc1e51aad331a4f0daa0fa5e1f283affee21cea7fc24f230da3b8807c90bd
SHA512
dc4e383fff3b10d0b8f7c9a2a1b08b430de0fb7d2965eb92441259b5f8bc117e98ed40509455f808d17196ed80a75ef23f1fd15766840b54a3a05afdb89bb998
Static task
static1
Behavioral task
behavioral1
Sample
PO data file from project 029452.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
PO data file from project 029452.exe
Resource
win10-en-20211014
Malware Config
Extracted
warzonerat
engkaa.ddns.net:4545
Targets
Target
PO data file from project 029452.exe
Size
544KB
MD5
a977e0f159c0a6574c3274a1db5b7a67
SHA1
404e0e4a03baca74ec0ec08543917dcc1ce3a187
SHA256
3e52503cc1b664efb9fa89c2bed4adff5d460bffbe0dba536363edb5cda1c603
SHA512
7e5b8badab27963316865f92a8ca1ee323f0efcc03035cfa731cf9ed268a074d191004eaff08857ad89a9cee4fbf56fee93417f1f0caac77ea72518c3d55571e
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Accesses Microsoft Outlook profiles