warzonerat | 9a9403b17e9320abd92be4e6f9bd003b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a9403b17e9320abd92be4e6f9bd003b
Size

616KB
MD5

9a9403b17e9320abd92be4e6f9bd003b
SHA1

fe4870a8afba742f7b7929e6f1635d6625fd619a
SHA256

f39ab4435d56184a143a55aaf080d672d3695f101e4516a31b89b465906e3fb0
SHA512

1dbd823e525eee33ea47a3851862277c61a1bd301a5059fe7de80ddd86e162bf6e6f3969d20a91055f76e6e3b5538e39019cb8335f59973310d69b2d772d7609
SSDEEP

12288:kwqYSESaeJmnk7iLJbpIpiRL6I2WhSKQ9ZsfZQS6n9g:kwRSESaeXiLJbpI7I2WhQqZ769g

Score

10^/10

rat warzonerat remcos

Malware Config

Signatures

Remcos family
remcos

Warzone RAT payload 1 IoCs

resource	yara_rule
sample	warzonerat

Warzonerat family
warzonerat

Files

9a9403b17e9320abd92be4e6f9bd003b
.exe windows x86

be63889866f6bba2109402ee273e5652

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord667
ord526
DllFunctionCall
__vbaExceptHandler
ord711
ProcCallEngine
ord100

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 608KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ