General
Target
8a810c641ff22a6031ba8d80364e5b8d5a666757ff6f3b6c708562b9d25fba10
Size
1.6MB
Sample
220521-xa85yabdb4
MD5
1493fb3f5c81b02606552deb259e8cdc
SHA1
7af8a9581a5f245113ff51556af02e5b79bffe7b
SHA256
8a810c641ff22a6031ba8d80364e5b8d5a666757ff6f3b6c708562b9d25fba10
SHA512
2232c4a82ad584aba391afea7c833e19a95e0b02371ddf4c1dab1107ce26d0eeddb750fc642be2d48d47c4549f95bf3b06fcf118eef6e324a7c0d78e5cd0a398
Static task
static1
Behavioral task
behavioral1
Sample
ORDER_23.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ORDER_23.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
warzonerat
afada.duckdns.org:52001
Targets
Target
ORDER_23.EXE
Size
1.0MB
MD5
82dc8466aec29d8b7ea1b7e61544237e
SHA1
2a6d1c5e7f9b13d498a0fa809455a634a086b782
SHA256
b10488bbd95fcf6ddad889eaefb6a7585a41071d24062bd0894ce6a5fc6eab87
SHA512
1fe96375ce222a78b60491261ef7fc3db9d5de20d9865ad36253aceaaaa277e6065c79e43b2a3cb6c5b68c618bf0b4c36ceb082e5e201ca5ac8dfcf07ca6de9b
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Adds Run key to start application
Suspicious use of SetThreadContext