General
Target
File2289.exe
Size
734KB
Sample
220311-rz1bfachdk
MD5
81e2134ec12d6342cf59df927e4352d8
SHA1
5c798138ebbdb723a7db9f7cf7d3a3b7cdba9515
SHA256
524898ddc5d913718bd872b30e7bfa2eadd322952f6f26f1c671a9271d57456b
SHA512
3d762d4ac94425d972e45de67aaea0b835393fc43229853484e8065f068dc4963e08b780686a09dcbaf06fa3d3e99880b2ccb43b5f7b89dde4104e4c69ec0db8
Static task
static1
Behavioral task
behavioral1
Sample
File2289.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
File2289.exe
Resource
win10-20220310-en
Malware Config
Extracted
warzonerat
84.38.132.36:5200
Targets
Target
File2289.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Warzone RAT Payload
Suspicious use of SetThreadContext