warzonerat | 1224-70-0x0000000000400000-0x0000000000615000-memory[.]dmp | Triage

Sharing

General

Target

1224-70-0x0000000000400000-0x0000000000615000-memory.dmp
Size

2.1MB
MD5

5a1deb2bcfc0936a910737598b23acc0
SHA1

f6b50402680c698f176999de0a95bc09ef15536e
SHA256

3ec58a9bca5bc8609aea2ceef71a026e6c4f388cf11ffc0f4fcbe898197a1f80
SHA512

60be1000bdee6fdc38149616fd63823710dc5f9b5b8797f0444618323cc1be09964f1455e45c149cbdcc6cef16cd89670cb34e188c6c79c3bfbc1b90f5f7e2ea
SSDEEP

3072:WzPtbXqn6aR97tie5Niae2vl23G3Fzy+fz8LTDh1:Wz1bXq6aR97ViJ2vlz9y+fz8LTv

Score

10^/10

rat warzonerat

Malware Config

Signatures

Warzone RAT payload 1 IoCs

resource	yara_rule
sample	warzonerat

Warzonerat family
warzonerat

Files

1224-70-0x0000000000400000-0x0000000000615000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ