General
Target: 79c730694b0df899e39b8cfcfcf610f7d25bc191512b3287e55fdbc1a39d1e01
Size: 1.3MB
Sample: 220217-aqpd5sgahl
MD5: a5d59151fbe269c3f50dfa241cad9cdd
SHA1: ec896e5d0758c1a29a763a988c77334f12430432
SHA256: 79c730694b0df899e39b8cfcfcf610f7d25bc191512b3287e55fdbc1a39d1e01
SHA512: 03aebec9e30855cf77f38016b7f687452a203ed8399d1cf65d08f8c36263a4987f0e16c8c26477c1bef6cdfcbefe177d7ac90971bd7643a907f1278bfe7a3ce9
Behavioral task: behavioral1
Sample: 79c730694b0df899e39b8cfcfcf610f7d25bc191512b3287e55fdbc1a39d1e01.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 79c730694b0df899e39b8cfcfcf610f7d25bc191512b3287e55fdbc1a39d1e01.exe
Resource: win10v2004-en-20220113

Malware Config
Extracted: warzonerat
wealth.warzonedns.com:5202
Targets
Target: 79c730694b0df899e39b8cfcfcf610f7d25bc191512b3287e55fdbc1a39d1e01
Score: 10/10
- NetWire RAT payload
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
- autoit_exe: AutoIT scripts compiled to PE executables.