General
-
Target
5af9d6943b093038da57621b2ed178febf416198406ec5c412f07f542c655a62
-
Size
1.3MB
-
Sample
220217-dtdnlagdg2
-
MD5
51e86c1d16c78920607f5a660e637467
-
SHA1
216e808bfa1d7a78d8b00be3d373acb632a1772e
-
SHA256
5af9d6943b093038da57621b2ed178febf416198406ec5c412f07f542c655a62
-
SHA512
cfb21c7ad540dfb5891f7c9f14e68948281d3c566b8a857d7dc1611e868516178d741a6e2aa22a78edf6d2d4a711bf67323fcce495ed60c52475f7ddf3049c58
Behavioral task
behavioral1
Sample
5af9d6943b093038da57621b2ed178febf416198406ec5c412f07f542c655a62.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5af9d6943b093038da57621b2ed178febf416198406ec5c412f07f542c655a62.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
-
-
Target
5af9d6943b093038da57621b2ed178febf416198406ec5c412f07f542c655a62
-
Score
10/10
-
NetWire RAT payload
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-