General
-
Target
1ec1bdf770161f455266bc10b97a1af6441b391995e96bf93492c102cd299d32
-
Size
495KB
-
Sample
220521-pa47zsabdm
-
MD5
25d1c40227a6d9c8f1396fbc09ba5d8a
-
SHA1
e19e820586ef5789b4f208fd83d4041a451a8dbf
-
SHA256
1ec1bdf770161f455266bc10b97a1af6441b391995e96bf93492c102cd299d32
-
SHA512
d235720162a5095ebeff007dd9e90aac652e3e97bc7f990730f3354d8a4d10f10c0fcb1ea1a8689c78ac7dff3e7977eba2fc3a2a8da873e5f6679374df15a52e
Static task
static1
Behavioral task
behavioral1
Sample
PO 181084.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO 181084.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
warzonerat
158.69.115.206:5200
Targets
-
Target
PO 181084.exe
-
Size
643KB
-
MD5
e61dffb557266167a4b9c244c8c8a699
-
SHA1
7e0b819ba7163f7837a5fedb9d4f0cf28050a02b
-
SHA256
20573eab37017ad0c5ad37228fdcc5e6f5c64dddbb275f50ee4dcc8dc3d43145
-
SHA512
4bc7d31c2b701eb6350c8eb14f9b7c9e9671482d487962474f8ea061b8bd7bac27165321e4837880ff7a103e9c32ae2c74f135daf43847f9e5748969c7b0a1f6
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as a MaaS.
-
Warzone RAT Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-