General
-
Target
5a62766cf18b8ec40d189b2afdd417683aa847f8453e568c2f76249841d0d5fc
-
Size
1.3MB
-
Sample
220217-dwptmshfdm
-
MD5
b87bb5e9050577cd350580e802c576e3
-
SHA1
f74c3e5f6ae278ebcbb8c1a9e82825d9a26dad65
-
SHA256
5a62766cf18b8ec40d189b2afdd417683aa847f8453e568c2f76249841d0d5fc
-
SHA512
c57315562de2f2072af406738ed8853023e49207308e3144dfc482bdad3b262742d67524d6c9b1b4e52e63c485f2e3ea176f1a1e432c6d9f6a8265b5ca592f9a
Behavioral task
behavioral1
Sample
5a62766cf18b8ec40d189b2afdd417683aa847f8453e568c2f76249841d0d5fc.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5a62766cf18b8ec40d189b2afdd417683aa847f8453e568c2f76249841d0d5fc.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
warzonerat
wealth.warzonedns.com:5202
Targets
Target
5a62766cf18b8ec40d189b2afdd417683aa847f8453e568c2f76249841d0d5fc
Score 10/10
-
NetWire RAT payload
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
autoit_exe
AutoIT scripts compiled to PE executables.
-