General
Target: 83818d0b790c51003b3f09042f4a8a6f665657f11b43001ed7ebf4728dabf680
Size: 1.3MB
Sample: 220217-adjccseff4
MD5: 817e50ca6790c827ce6ee8d122a151cf
SHA1: 260f46c33541119e281a932aaa160c2bb3cf0429
SHA256: 83818d0b790c51003b3f09042f4a8a6f665657f11b43001ed7ebf4728dabf680
SHA512: 0ff143d30878973ef33f0b1caeb4e60c685ff00378c34519690d10f7b9cafcfc32c76f091e48d3e4c4f4e2c1ed917f4064fbf63c3b98ac9255eae38df4e85d8b
Behavioral task: behavioral1
Sample: 83818d0b790c51003b3f09042f4a8a6f665657f11b43001ed7ebf4728dabf680.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 83818d0b790c51003b3f09042f4a8a6f665657f11b43001ed7ebf4728dabf680.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
Score: 10/10
NetWire RAT payload
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.