General
Target: 86a0319248cd02a1ef950399b961c5a560b1695eceb352258f02b73bd5c3c260
Size: 1.3MB
Sample: 220217-aaf3tsfhaq
MD5: 893a5605eaee11e10b2234edd8ef0571
SHA1: 1b53e5e2cbe2368f37411b83e989e6d17310ffbc
SHA256: 86a0319248cd02a1ef950399b961c5a560b1695eceb352258f02b73bd5c3c260
SHA512: 1c2c45534a60f05848b739b24641980b3abaf1dbd10d6ba20a5995c31850e2a313ebe9107a35ffa67e1777c7f72147abbd22575ed3dbbc850e9f4c831582e46e
Behavioral task: behavioral1
Sample: 86a0319248cd02a1ef950399b961c5a560b1695eceb352258f02b73bd5c3c260.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 86a0319248cd02a1ef950399b961c5a560b1695eceb352258f02b73bd5c3c260.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
Score: 10/10
NetWire RAT payload
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Suspicious use of SetThreadContext
autoit_exe
AutoIT scripts compiled to PE executables.