General
Target: 78093adc07258ecc72ee6a881f2076452eeba032dbbfa9f7e251ddca681da025
Size: 1.3MB
Sample: 220217-asm9vsehd9
MD5: 967cda310ce22f7e17704dfa7d8f8bd7
SHA1: 464446e3df090c65fbf11d461ecd6b57d1017046
SHA256: 78093adc07258ecc72ee6a881f2076452eeba032dbbfa9f7e251ddca681da025
SHA512: 20584160cef64c9d47d154eee330db40a1cc61cc01a5085df727fbc1b0c0bc661cae0047379d4762b490790476e501e6c98a6d1c9e85a86cb68660304cde0ea7
Behavioral task: behavioral1
Sample: 78093adc07258ecc72ee6a881f2076452eeba032dbbfa9f7e251ddca681da025.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 78093adc07258ecc72ee6a881f2076452eeba032dbbfa9f7e251ddca681da025.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
Target: 78093adc07258ecc72ee6a881f2076452eeba032dbbfa9f7e251ddca681da025
Score: 10/10
- NetWire RAT payload
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
- autoit_exe: AutoIT scripts compiled to PE executables.