General
-
Target
212b1e774e310dbe4e92b01854f31d53.exe.vir
-
Size
1.8MB
-
Sample
220703-kej1dscafq
-
MD5
8dabf738b94f546d629b31d470030fa0
-
SHA1
9d7fd51b838445c916caa9e55039c9051ce75943
-
SHA256
5bf69c13e82d68888f0474505d75f49989359cf6934194fc45abc22695ccf0f7
-
SHA512
1998260ba729ca20469753c04be48b2b83c2d5c505a27d56b2f1a16b91bbf2177a753f3378cdf249df5de5d786721e52f9f5e7b93616b5536be6f936dae05fe4
Static task
static1
Behavioral task
behavioral1
Sample
212b1e774e310dbe4e92b01854f31d53.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
212b1e774e310dbe4e92b01854f31d53.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
warzonerat
workstation2022.ddns.net:5254
Targets
-
-
Target
212b1e774e310dbe4e92b01854f31d53.exe.vir
-
Size
1.8MB
-
MD5
8dabf738b94f546d629b31d470030fa0
-
SHA1
9d7fd51b838445c916caa9e55039c9051ce75943
-
SHA256
5bf69c13e82d68888f0474505d75f49989359cf6934194fc45abc22695ccf0f7
-
SHA512
1998260ba729ca20469753c04be48b2b83c2d5c505a27d56b2f1a16b91bbf2177a753f3378cdf249df5de5d786721e52f9f5e7b93616b5536be6f936dae05fe4
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Warzone RAT Payload
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-