General
Target
73636c36105a615c2babd121de083162ffd3e52c38e6dfaf8b8ee28221d4e9fe
Size
395KB
Sample
220521-n6pxhahhcl
MD5
bdfce7d0a970c894caecd0a59f877e3c
SHA1
898185e4939181f2bc33eb74b11466e3166025c0
SHA256
73636c36105a615c2babd121de083162ffd3e52c38e6dfaf8b8ee28221d4e9fe
SHA512
a7014fab9182329b01c96f5e66ee21fd7e5919144e6eb8625f30362c97844820402917d1bc3f44c1894bcbf9b30239f847d5734b55bcb5dcde475150c8b8c4e8
Static task
static1
Behavioral task
behavioral1
Sample
New_List017082020202029202928737345.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New_List017082020202029202928737345.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
warzonerat
wapt.myhome-server.de:1050
Targets
Target
New_List017082020202029202928737345.exe
Size
442KB
MD5
303a7cc9d0af7ae7f0e4ce444aa17519
SHA1
938347effe8c859dc2e43e06f0990abc951b4ab4
SHA256
73df1ac5611ee275686b92c037d16dd00097eaa16bb2ceeea92d56e1bda1bd00
SHA512
5688f4d63fe15060ba32553f2592ad216fe93805de91e6478fefde18fe02051bef09e91b6cc82c35cad60f75daed179f0a32b3c8068d14c6ef8fd9c1542452ff
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext