General
-
Target
91054318.exe
-
Size
967KB
-
Sample
221003-hr3bdsdghk
-
MD5
dfc8fe939a5c394155c499b3e19e9ff1
-
SHA1
e95fa2f0df08602e9f6facdb7bc29534009d1097
-
SHA256
2c63b4926ec8ca28ade534c72cf11a63db6f55882d08a1f97575e88986209838
-
SHA512
4b7dfa930e150f1308656ccf6543d98b3f7f707f1d684a354220dcd81719917f3399a51777cf4b79b2588568bae8d62f094d21bcd8c24446b9114e1945be7585
-
SSDEEP
12288:zTSdH+44q6dT7XUQAWqrbwrvId4UIMYLF2wixc0Nq6JgpVXM/mjNtRGKi:HYv4HEQAWFIzLYLF2JG+qyj/wRGKi
Static task
static1
Behavioral task
behavioral1
Sample
91054318.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
91054318.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
willia2.ddns.net:4120
Targets
-
Target
91054318.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-