warzonerat | memdump[.]dll | Triage

Sharing

General

Target

memdump.dll
Size

104KB
MD5

79f16e98cd6c8e72791bf7c9af6375a6
SHA1

d0decae915af7434e542a790e6c3785dfed05d19
SHA256

c14a03520965659a1f457a209bba053861048059f8ceea9c73c3bef347b58a16
SHA512

53111106a2dcacc1e32ecad0b82fc93e24f1698b1bbfb9da0488ec8bf20739258ecc45415d6e2449cf416f9fa314f58e20f92d7d92f88380a16433aeee41d398
SSDEEP

1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWg2B4u0OVE01:K1VmhaH8EFvWg20OVE0

Score

10^/10

rat warzonerat

Malware Config

Signatures

Warzone RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample warzonerat
Warzonerat family
warzonerat

Files

memdump.dll
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ