General
-
Target
5db7976a06c896dce4c2749d697b9b265d2d4f40c739b600fdd8ffc02c208c4f
-
Size
988KB
-
Sample
220724-z6ebjsggc4
-
MD5
d03ba9e213edd46a343511e079637126
-
SHA1
5ce61b2a7b537ef63784084a1b0a26fd7d7fbd44
-
SHA256
5db7976a06c896dce4c2749d697b9b265d2d4f40c739b600fdd8ffc02c208c4f
-
SHA512
302c6e6bbb72241ac7e759be24b8c737ac41c90cb6af02f734aba98489dce8b571ef17d3b99b4e64ce3df435f585f5e14f4f781e11343ff2aa126d0d99312eaa
Malware Config
Extracted
warzonerat
43.226.229.43:2031
Targets
-
-
Target
5db7976a06c896dce4c2749d697b9b265d2d4f40c739b600fdd8ffc02c208c4f
-
Size
988KB
-
MD5
d03ba9e213edd46a343511e079637126
-
SHA1
5ce61b2a7b537ef63784084a1b0a26fd7d7fbd44
-
SHA256
5db7976a06c896dce4c2749d697b9b265d2d4f40c739b600fdd8ffc02c208c4f
-
SHA512
302c6e6bbb72241ac7e759be24b8c737ac41c90cb6af02f734aba98489dce8b571ef17d3b99b4e64ce3df435f585f5e14f4f781e11343ff2aa126d0d99312eaa
Score10/10-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-