General
-
Target
de470a6ebe74b1f43aacda87b2655c13f221544c11606decc06e6a6cfacab1b5
-
Size
418KB
-
Sample
220521-xzxhfacgg4
-
MD5
032c959f179e2f8a7a754b90b69ddde5
-
SHA1
b245639baaee90c6745482f99d411438e2ba41f0
-
SHA256
de470a6ebe74b1f43aacda87b2655c13f221544c11606decc06e6a6cfacab1b5
-
SHA512
de4c6250f21ad34cada4ad5a8734565a7fe4e560d9de231d7043431be8e6a52c59c79c02caf77e8a4fb31b618344e9d763ac014ae62e03a0fba88548590c1b25
Static task
static1
Behavioral task
behavioral1
Sample
scan001.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
scan001.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
warzonerat
79.134.225.34:5200
Targets
-
-
Target
scan001.exe
-
Size
1.3MB
-
MD5
dec59124b7990c19313cec352f47414f
-
SHA1
84769168287f5f3c9a9467b129eee606c452f0dc
-
SHA256
2c17ec053eeef1daed652560bd9bd8672fd2bd160595f998f87c017b3c7095c5
-
SHA512
55072103d13191e1e78b491b6e6ec3ab681f14342273158fedef4042d1822e0938bbf86213be8667cf0174c4720a56844e8cbac55bdfa2138e58d459a2d38997
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-