General
-
Target
d24dd6cd68f406d083ebc0690537254dcaabfd26ef4987dd6c2cc99c29be277e
-
Size
273KB
-
Sample
221122-kgjgmsah6y
-
MD5
8f89c4cd81384874cea3378488944245
-
SHA1
90c98a9054c4bcb4efda2909471c131e9e00e677
-
SHA256
d24dd6cd68f406d083ebc0690537254dcaabfd26ef4987dd6c2cc99c29be277e
-
SHA512
6749590466ea7f2e3c8441ac5eb1d8ef8f87b066cf6eb904fd8140f111d9e817e6fbe275c74f2280cb311ac97a1288e62d6192abca5a4968a649a316d27557c3
-
SSDEEP
6144:5C1jvMtY4JotTOrgs0GVzu6oz4HdCVdKrL42oJ8L:5C1j8Y4JGOkAlLozedCi/p
Static task
static1
Behavioral task
behavioral1
Sample
d24dd6cd68f406d083ebc0690537254dcaabfd26ef4987dd6c2cc99c29be277e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d24dd6cd68f406d083ebc0690537254dcaabfd26ef4987dd6c2cc99c29be277e.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
warzonerat
chinagov.duckdns.org:5202
Targets
Target
d24dd6cd68f406d083ebc0690537254dcaabfd26ef4987dd6c2cc99c29be277e
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-