General
Target
1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6.exe
Size
293KB
Sample
221109-p1fx3saefj
MD5
c39e109ba4d5c3d70f28b118f6b7492c
SHA1
06acfb0e75f00480cdde224aac25a7987b24fec5
SHA256
1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6
SHA512
99aa51a58f6ff32004899b05f5afdf8f71044dbb9e750e04e31004726faea98445a0ceb9c7fccc603cccc84f56cd048744be090e77b365e9353a99bebbb02cc1
SSDEEP
6144:72GhN2db088fTdUuNU0we+HPps1zcJLVPzGKl5vGlEjqNHk:72iNG088fTWsU0wJBsGJPf
Static task
static1
Behavioral task
behavioral1
Sample
1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
168.61.222.215:5400
Targets
Target
1978a07d1ccf042531af3f62bc5228df04f10c9b9b0a6a61ebc98df839bec2f6.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as MaaS.
Warzone RAT payload
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Suspicious use of SetThreadContext