General
Target
windll32.exe
Size
144KB
Sample
221113-c9aq7sdc9t
MD5
64fac32b120e4ff32d2b630b034475be
SHA1
081605cd23a89a864fa4e4e16f00329cd9cdfc10
SHA256
5e47be22f5e470990084884a07f41c0f997c24ae37b26d8f41b01776bbc6588b
SHA512
e5febfd95602f42431ed03df46387ba95324b20f8fadb32b2fe9cfbf8ae1b740e7e6cdd3ed78db08e0ea58b9d3bfd915a0cb863cf570ce2c75ff80986a33b768
SSDEEP
3072:F7W9jps0Tx4azG6GweOTir5axbjNCz45LT7auXkP0N:FwpsERzGKurEXCzeLT7auX1N
Behavioral task
behavioral1
Sample
windll32.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
windll32.exe
Resource
win10-20220812-en
Malware Config
Extracted
warzonerat
162.55.126.123:1111
Targets
Target
windll32.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application