General
Target: 79283a7f84534ad61863a479f20d644fea9f991f684889df526ef48a9bea9dd1
Size: 1.3MB
Sample: 220217-ardzssehd2
MD5: 5fd6a1dd97230ebf489de0bdf39e0ea2
SHA1: c30450e257d612a70b3bda5ac4d7a106bd127548
SHA256: 79283a7f84534ad61863a479f20d644fea9f991f684889df526ef48a9bea9dd1
SHA512: 314c36cdbdc19c1825f1305078011fa6f82e595ad7814d124177eade8b6af1e0ed354185ee59389984047b356862d861f7731b97b1e50b0d66f2cbf7f59095dc

Behavioral task: behavioral1
Sample: 79283a7f84534ad61863a479f20d644fea9f991f684889df526ef48a9bea9dd1.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 79283a7f84534ad61863a479f20d644fea9f991f684889df526ef48a9bea9dd1.exe
Resource: win10v2004-en-20220113

Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
Target: 79283a7f84534ad61863a479f20d644fea9f991f684889df526ef48a9bea9dd1
Score: 10/10

NetWire RAT payload

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Warzone RAT Payload

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Suspicious use of SetThreadContext

autoit_exe
AutoIT scripts compiled to PE executables.