General
Target: FilesG_qdoNhHLK.exe
Size: 435KB
Sample: 220111-vx8rksgfhm
MD5: c0f6db6255fed464e6e7fd8add0206a4
SHA1: 62277d7d6ee3d32c964f10cc423f4cbe6e98cb9e
SHA256: fdd2aeecda3fe4a1fb61be1058ed53c337d79f7e2a8e1bde6a470f26f8995732
SHA512: 72cca39f503a112b03f7c7a9f840bc7294864662125090413d6cd27cac2aa66420fe55555778127ca5bc7a73fdb292680a4d580f07b586c974a03a8fd8ad3f73
Static task: static1
Behavioral task: behavioral1
Sample: FilesG_qdoNhHLK.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: FilesG_qdoNhHLK.exe
Resource: win10-en-20211208
Malware Config
Extracted: warzonerat
lionlee.nerdpol.ovh:5200
Targets
Target: FilesG_qdoNhHLK.exe
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Warzone RAT Payload
Downloads MZ/PE file
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext