General
  Target: 5b2b5bb23e955d479a01bcf09da85d5acf6d489cc5c0c4d5c6402101d0a23c2b
  Size: 1.3MB
  Sample: 220217-dr286sgde8
  MD5: 1ae2a5141a15452e1d8fe2dc69e1aa3f
  SHA1: bc71e5c5ad7f7a39c4e2008353454d1f523c72b7
  SHA256: 5b2b5bb23e955d479a01bcf09da85d5acf6d489cc5c0c4d5c6402101d0a23c2b
  SHA512: fc556b62431b30623d06af39a5333e56765002429d3505c820cbbe0c85313944533d0bb57c67244ab063231aa407b590c5b5698df6537aa7fdf20e4207c4f640
Behavioral tasks
  behavioral1
    Sample: 5b2b5bb23e955d479a01bcf09da85d5acf6d489cc5c0c4d5c6402101d0a23c2b.exe
    Resource: win7-en-20211208
  behavioral2
    Sample: 5b2b5bb23e955d479a01bcf09da85d5acf6d489cc5c0c4d5c6402101d0a23c2b.exe
    Resource: win10v2004-en-20220113
Malware Config
  Extracted
    Family: warzonerat
    C2: wealth.warzonedns.com:5202
Targets
  Target: 5b2b5bb23e955d479a01bcf09da85d5acf6d489cc5c0c4d5c6402101d0a23c2b
  Size: 1.3MB
  MD5: 1ae2a5141a15452e1d8fe2dc69e1aa3f
  SHA1: bc71e5c5ad7f7a39c4e2008353454d1f523c72b7
  SHA256: 5b2b5bb23e955d479a01bcf09da85d5acf6d489cc5c0c4d5c6402101d0a23c2b
  SHA512: fc556b62431b30623d06af39a5333e56765002429d3505c820cbbe0c85313944533d0bb57c67244ab063231aa407b590c5b5698df6537aa7fdf20e4207c4f640
  Score: 10/10
  Signatures:
    - NetWire RAT payload
    - WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
    - Warzone RAT Payload
    - Executes dropped EXE
    - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - autoit_exe: AutoIT scripts compiled to PE executables.