General
Target: 78c4d7d8d7d5ecc0e3ebfc55e1d905498922be5416352f31babbdfe6053fa8b6
Size: 1.3MB
Sample: 220217-arq95agbam
MD5: 04543e2a8a287dbbc0e08f0e371a124d
SHA1: 2260a0ea326dddd10f49a5dce28990cfb6932272
SHA256: 78c4d7d8d7d5ecc0e3ebfc55e1d905498922be5416352f31babbdfe6053fa8b6
SHA512: 7f9cb93d5e85cbf09836882ec7e797f9f357e6815d90c02d762cb97ea5232a3d958d42302ffc683471a1cbb85cae632e2e0d1906b471f6a4375d3fcf3b182108
Behavioral task: behavioral1
Sample: 78c4d7d8d7d5ecc0e3ebfc55e1d905498922be5416352f31babbdfe6053fa8b6.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: 78c4d7d8d7d5ecc0e3ebfc55e1d905498922be5416352f31babbdfe6053fa8b6.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted family: warzonerat
C2: wealth.warzonedns.com:5202
Targets
Target: 78c4d7d8d7d5ecc0e3ebfc55e1d905498922be5416352f31babbdfe6053fa8b6
Score: 10/10
- NetWire RAT payload
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
- autoit_exe: AutoIT scripts compiled to PE executables.