General
-
Target
IMG 026.COM
-
Size
247KB
-
Sample
220206-tc74wabdgp
-
MD5
b79e159203aec2eab0b00f3481413d01
-
SHA1
42be33f49dcff2413912198703d7b1afd9a2442a
-
SHA256
0e6a5fea169e41bb0a7d7f28118900a81a74e8144343532fe96608340f6143eb
-
SHA512
7b3535b9195fd1a5adb01514a237fe24dc1c89cb40153818e6a1b7d9f7a367fd3edf218f4c9513ec7e2543342705f6630e14512f388e2ef0336808efaefffa79
Static task
static1
Behavioral task
behavioral1
Sample
IMG 026.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
IMG 026.exe
Resource
win10-en-20211208
Malware Config
Extracted
warzonerat
iphanyi.webredirect.org:5552
Targets
-
Target
IMG 026.COM
-
Score
10/10
-
Modifies WinLogon for persistence
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-