General
-
Target
SecuriteInfo.com.Trojan.Packed2.44634.17765.24538.exe
-
Size
1.0MB
-
Sample
221122-jbtjzshd4v
-
MD5
f04166afa495da9508533f79298a1305
-
SHA1
40bdae12a79f798154d33f2d20b8f48181fb6bd3
-
SHA256
f6f0e997dfa84a4d496db847f2f1f60b1d909957da2b861ca22d4d199571be73
-
SHA512
33ab08f4155deb076744cdcf11f678cf29386c25fe9ff158e264ffef341dbf49bb736ccdc1a8e372459c99176cfba569cb8fb028146e0f637124ffca74733c94
-
SSDEEP
24576:MM+L74mBfNUstzovQx/04QshUR6gobjTsOm6zNXd23r8JN:e/04mBoLsObzNXkI
Malware Config
Extracted
warzonerat
45.61.175.241:934
Targets
-
-
Target
SecuriteInfo.com.Trojan.Packed2.44634.17765.24538.exe
-
Size
1.0MB
-
MD5
f04166afa495da9508533f79298a1305
-
SHA1
40bdae12a79f798154d33f2d20b8f48181fb6bd3
-
SHA256
f6f0e997dfa84a4d496db847f2f1f60b1d909957da2b861ca22d4d199571be73
-
SHA512
33ab08f4155deb076744cdcf11f678cf29386c25fe9ff158e264ffef341dbf49bb736ccdc1a8e372459c99176cfba569cb8fb028146e0f637124ffca74733c94
-
SSDEEP
24576:MM+L74mBfNUstzovQx/04QshUR6gobjTsOm6zNXd23r8JN:e/04mBoLsObzNXkI
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-