General
-
Target
27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf
-
Size
951KB
-
Sample
220923-g92xxaddb9
-
MD5
87b246b26208a9831a4372664c518c2c
-
SHA1
1599cbf0ee49dcb787866fbb7c297094ecd3ab4f
-
SHA256
27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf
-
SHA512
4e7f5a217dbcd34eaadf867cd75acb23ae01730794ae8ac23a2428be5160fa8dff78b5b3e202a1e898e73126cea4fe19bf6a9f6457d136433d61e16435d69ff1
-
SSDEEP
12288:ahLuyAHrR2ZEgL6+8ik8VuLCBTodngkt8OsyqAx+NbqzjMRZeFoTPo:ahLuyyNmadFdgsF+NZRZeFgo
Static task
static1
Behavioral task
behavioral1
Sample
27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
20.126.95.155:7800
Targets
-
-
Target
27fd2ab0bbd65cbe5625932fa7ab1f484a06cbdff8868129f10cd92321d99daf
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-