General
-
Target
b32a1e21f9941f2e70fac915af9cea3add6f859b8ccca73cc5aadf369af3ae1c
-
Size
153KB
-
Sample
220728-k41z7sefgm
-
MD5
74cf39132e2b3d825a2f6c0b9cd4ba90
-
SHA1
df674c8c6156698be10c0285fb3bc56a2daab533
-
SHA256
b32a1e21f9941f2e70fac915af9cea3add6f859b8ccca73cc5aadf369af3ae1c
-
SHA512
a6794a1b3ee3a374724a25a092f855460c9fc5cba002f7b414152ca8314ecaf1ee97b1e79d2c69cf768a589367a1af22ae49cf882a24558c3bde9e7b37de8d06
Behavioral task
behavioral1
Sample
b32a1e21f9941f2e70fac915af9cea3add6f859b8ccca73cc5aadf369af3ae1c.exe
Resource
win10-20220718-en
Malware Config
Extracted
warzonerat
dropy1.ddns.net:5200
Targets
Target
b32a1e21f9941f2e70fac915af9cea3add6f859b8ccca73cc5aadf369af3ae1c
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Executes dropped EXE
-
Adds Run key to start application
-