General
-
Target
87837f84cff6aaa529c7a54fcbae5d446765eb853e5a0fd78ff7b7a2a98fd768
-
Size
1.3MB
-
Sample
220216-31ftzafghq
-
MD5
b3132898a75f8fae61ac2b1966562a10
-
SHA1
b1c0e22eee6b560048e7d5261e0871cd9b4ce5c6
-
SHA256
87837f84cff6aaa529c7a54fcbae5d446765eb853e5a0fd78ff7b7a2a98fd768
-
SHA512
dcd362be2509365df975964ba5d1a67568963abf7220a027362bf6d503fd012d0b89e3dd381faf2b48ea0f0e382f54d7124c5e71f2ba6511a365c710050033f0
Behavioral task
behavioral1
Sample
87837f84cff6aaa529c7a54fcbae5d446765eb853e5a0fd78ff7b7a2a98fd768.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
87837f84cff6aaa529c7a54fcbae5d446765eb853e5a0fd78ff7b7a2a98fd768.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
-
-
Target
87837f84cff6aaa529c7a54fcbae5d446765eb853e5a0fd78ff7b7a2a98fd768
-
Size
1.3MB
-
MD5
b3132898a75f8fae61ac2b1966562a10
-
SHA1
b1c0e22eee6b560048e7d5261e0871cd9b4ce5c6
-
SHA256
87837f84cff6aaa529c7a54fcbae5d446765eb853e5a0fd78ff7b7a2a98fd768
-
SHA512
dcd362be2509365df975964ba5d1a67568963abf7220a027362bf6d503fd012d0b89e3dd381faf2b48ea0f0e382f54d7124c5e71f2ba6511a365c710050033f0
Score10/10-
NetWire RAT payload
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-