General
Target: eeb9abcea9e7dba40329aa5bcb09ce413b7a604c55dbd5b6762c325faaaaf63e
Size: 377KB
Sample: 220521-n5aq7aefd2
MD5: 243c7f90732732f83d208de9f687f601
SHA1: 8c051f8b052f7c6c6ba8996b5c201d0cd07f2d3a
SHA256: eeb9abcea9e7dba40329aa5bcb09ce413b7a604c55dbd5b6762c325faaaaf63e
SHA512: 908db59f383aba318fbd64836ab47a42b6354e694f7d808c1caf5cd82be3b0265e9f163db4f849b83e3c277a9adb2e32e0f0c1969df8d9ce2563740023cd9699
Static task: static1
Behavioral task: behavioral1
Sample: New_202017083636353552679474747484.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: New_202017083636353552679474747484.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: warzonerat
185.244.30.94:2626
Targets
Target: New_202017083636353552679474747484.exe
Size: 423KB
MD5: 64dec1f99745e0832850745e025df14c
SHA1: 95af4fa6ec93dc33506549369cb45afd24e9fb4a
SHA256: 109c732fb8dab15970fff8c7b9bae65b2f29edd8bef809518ddcaca8bd5ddfbb
SHA512: 436c54b0dcab72fb0d776915f0753ee83b902b3d8ffb9a6c0cfbed8a6337c57c672b9b55e970aa7f8e4c39213f68d6082dc39265a83416b02fb48e0f0bedd2a4
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext