General
-
Target
7997d6a0510d62275ca36d4de4d60f487907e03f590b47391446672c86a71b64
-
Size
1.3MB
-
Sample
220217-aqrt9sgahm
-
MD5
0143207b5a8818842653ef25cf1b2532
-
SHA1
32ce84111da09dfbc0ca62357162ea1c1067f322
-
SHA256
7997d6a0510d62275ca36d4de4d60f487907e03f590b47391446672c86a71b64
-
SHA512
d50854a3948e7fc327334981ec6efcba815fa4eb2a097df10df99a4ead481ae4efff89d84e177ad7a943ebd68751737ad594db4b5dda9c0101a5528fdbe6e8a8
Behavioral task
behavioral1
Sample
7997d6a0510d62275ca36d4de4d60f487907e03f590b47391446672c86a71b64.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
7997d6a0510d62275ca36d4de4d60f487907e03f590b47391446672c86a71b64.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
-
-
Target
7997d6a0510d62275ca36d4de4d60f487907e03f590b47391446672c86a71b64
-
Size
1.3MB
-
MD5
0143207b5a8818842653ef25cf1b2532
-
SHA1
32ce84111da09dfbc0ca62357162ea1c1067f322
-
SHA256
7997d6a0510d62275ca36d4de4d60f487907e03f590b47391446672c86a71b64
-
SHA512
d50854a3948e7fc327334981ec6efcba815fa4eb2a097df10df99a4ead481ae4efff89d84e177ad7a943ebd68751737ad594db4b5dda9c0101a5528fdbe6e8a8
Score10/10-
NetWire RAT payload
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-