General
Target
9989f56522f74833b209e3db7b0d44420bea16890a7b48e9e70d66221e9cd0db
Size
279KB
Sample
220521-ntc26seba4
MD5
404a3e292a15a44240636fb66bb69d38
SHA1
d9ccf2ae2e32ac546060df488d81faff2d714d56
SHA256
9989f56522f74833b209e3db7b0d44420bea16890a7b48e9e70d66221e9cd0db
SHA512
6859afacc3615bc6ea8135368affec5e51ca3abef89caa8cc7131c62462614bc83305f16b6a61bfa18134481dabd6adfe0b4d7fbefce288e6d48ce90d73b93cd
Static task
static1
Behavioral task
behavioral1
Sample
Revised DWG original copy for confirmation.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Revised DWG original copy for confirmation.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
warzonerat
bestgrace.mywire.org:2442
Targets
Target
Revised DWG original copy for confirmation.exe
Size
304KB
MD5
5a04e8ab195a8c2278f554825477e931
SHA1
bcc1e7eb3039178af32d9f45341e3cb284e458ac
SHA256
949e65785ee74b4ee36a4ae53e734e8a59df3b0792213589fc17cc7fb48712da
SHA512
dc0639e33b653ce2cb532938a47c2765c4a6a186aa3ce0469c6df17aeb655ba64ebfff7d01eeb51f641140eeadd257e1266c90fd77dd5ddebab6fd2ca1040f0f
Score 10/10
Modifies WinLogon for persistence
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload