General
Target: 4SgcpBifNVPbGl6.exe
Size: 966KB
Sample: 220321-tythlsdbc2
MD5: fbe792df5474f73a0b287a21ae093337
SHA1: 9b9f41e121439f09ceef0d6e8d640f63a2433606
SHA256: 672ae14fc78158bc3a5b44c20488600a02e54a9d9231420a343885ab7e1c8f4f
SHA512: 7bb9527211da305efaecd75f02dad41e6c8daffc4b94d09c6af85ab03bc0d4af76dc8ef7383637f534468d32ce06e17893757d7c1ffacbaf4b43787bc450703f
Static task: static1
Behavioral task: behavioral1
Sample: 4SgcpBifNVPbGl6.exe
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: 4SgcpBifNVPbGl6.exe
Resource: win10-20220310-en
Malware Config
Extracted
warzonerat
103.125.189.167:1998
Targets
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Suspicious use of SetThreadContext