General
Target: 79cec8a3af94a833a77147cc827001d71f75151ff53169eb88c5489ffa140cf4
Size: 1.3MB
Sample: 220217-aql9saehc4
MD5: ff84ec8553ee3f67dce793604d835c97
SHA1: 414823ad6e16e0f8a9074077df1527cb4425940e
SHA256: 79cec8a3af94a833a77147cc827001d71f75151ff53169eb88c5489ffa140cf4
SHA512: 56dea1dc3a50b5a67d430276c26144b391846dd3ee32430fb494c0333669db51bd3c40b018ddb8389809f58cbf05a2bb3d81f52833c8d2646d37747ebe407189
Behavioral task: behavioral1
Sample: 79cec8a3af94a833a77147cc827001d71f75151ff53169eb88c5489ffa140cf4.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 79cec8a3af94a833a77147cc827001d71f75151ff53169eb88c5489ffa140cf4.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
Score: 10/10
- NetWire RAT payload
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
- autoit_exe
  AutoIT scripts compiled to PE executables.