General
-
Target
5ae28e269465f91685320e39dec3097cc4f9dca02f103e5ef0859d90fa3ca19b
-
Size
1.3MB
-
Sample
220217-dtvxwagdg6
-
MD5
1590bfa21d83652421d4125ce6a4eef3
-
SHA1
dcc2f3b8bb19fd65cf982db034ffc053e3d0a4cd
-
SHA256
5ae28e269465f91685320e39dec3097cc4f9dca02f103e5ef0859d90fa3ca19b
-
SHA512
b021454f9e2279e652ade23a31e7e7ef7ea8cf12f2f85a9f059bc2835e9b6f2dfd86aca175f4995018fd7c339333ee253f7ad28676e93a084cb58aa84240e4d4
Behavioral task
behavioral1
Sample
5ae28e269465f91685320e39dec3097cc4f9dca02f103e5ef0859d90fa3ca19b.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5ae28e269465f91685320e39dec3097cc4f9dca02f103e5ef0859d90fa3ca19b.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
-
-
Target
5ae28e269465f91685320e39dec3097cc4f9dca02f103e5ef0859d90fa3ca19b
-
Size
1.3MB
-
MD5
1590bfa21d83652421d4125ce6a4eef3
-
SHA1
dcc2f3b8bb19fd65cf982db034ffc053e3d0a4cd
-
SHA256
5ae28e269465f91685320e39dec3097cc4f9dca02f103e5ef0859d90fa3ca19b
-
SHA512
b021454f9e2279e652ade23a31e7e7ef7ea8cf12f2f85a9f059bc2835e9b6f2dfd86aca175f4995018fd7c339333ee253f7ad28676e93a084cb58aa84240e4d4
Score10/10-
NetWire RAT payload
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-