General
-
Target
856b6a4947e1b0c30ceecd54c218a5126838344c17405b64294bf7910a316d06
-
Size
1.3MB
-
Sample
220217-abzassefe4
-
MD5
2db07842ff7f17bca5b7fa222b0fb2bf
-
SHA1
33055d2e37b7d42dc744c579e8daea21f5bf79f8
-
SHA256
856b6a4947e1b0c30ceecd54c218a5126838344c17405b64294bf7910a316d06
-
SHA512
14be10d71d64bfe6c17f62b84229b73b48ea23c85d59eb7a35613c58ad23a157fee67281371a84cfb8253af0907f74a0fe449112458be5156965ba4642bd0690
Behavioral task
behavioral1
Sample
856b6a4947e1b0c30ceecd54c218a5126838344c17405b64294bf7910a316d06.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
856b6a4947e1b0c30ceecd54c218a5126838344c17405b64294bf7910a316d06.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
-
-
Target
856b6a4947e1b0c30ceecd54c218a5126838344c17405b64294bf7910a316d06
-
Size
1.3MB
-
MD5
2db07842ff7f17bca5b7fa222b0fb2bf
-
SHA1
33055d2e37b7d42dc744c579e8daea21f5bf79f8
-
SHA256
856b6a4947e1b0c30ceecd54c218a5126838344c17405b64294bf7910a316d06
-
SHA512
14be10d71d64bfe6c17f62b84229b73b48ea23c85d59eb7a35613c58ad23a157fee67281371a84cfb8253af0907f74a0fe449112458be5156965ba4642bd0690
Score10/10-
NetWire RAT payload
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-