warzonerat | 1200-55-0x0000000000900000-0x0000000000A54000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1200-55-0x0000000000900000-0x0000000000A54000-memory.dmp
Size

1.3MB
MD5

430444301ca9f214a41e78c377fb37ad
SHA1

c973f7f889eab84d7a6458f1af5f6cf81c8ce097
SHA256

280c89f3b3e91c3d42f7a6b6bfd4e0128cfdfe41b15f4fd2edcb4dd69eab6b58
SHA512

db6d37127dd9d40ded11b4a57944ae6d15489cf901e9e88718ea1119a1e061ab7efaa1506772a408aa3c95859f4824c536da88e1fbe57f4d9d5d173d7869627c
SSDEEP

1536:9khvav+f7l71WW55nBDWMG9tl80UaJBiqi01kXBo70OVE01:uF1v5tW980l/EeGNOVE0

Score

10^/10

rat warzonerat

Malware Config

Extracted

Family

warzonerat

C2

192.3.111.154:5200

Signatures

Warzone RAT payload 1 IoCs

resource	yara_rule
sample	warzonerat

Warzonerat family
warzonerat

Files

1200-55-0x0000000000900000-0x0000000000A54000-memory.dmp
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ