General
-
Target
SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe
-
Size
60KB
-
Sample
221201-d2hyaaah26
-
MD5
8c4b7521e74a3960a77f70f53179670e
-
SHA1
c775546bdb0e2d4401e391d075cfcc0b863c8774
-
SHA256
cea6d4fbb54e357c9c62deab33a97e5e94b91f7f95a39a6e5daf5dd69133b6d7
-
SHA512
c683bb89b0301f330a22609c4b810c241a63964c53f4c9ae544f89d356009977714e70d8b9481bc89055c760a0a6de45dbe5b9d55ab3b432b71ddad1e643e1a7
-
SSDEEP
1536:/iyl1nZJJMZ4jTjx6WZG/YGcO/R4UMz5Tu:/iybnBGc1u
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe
-
Size
60KB
-
MD5
8c4b7521e74a3960a77f70f53179670e
-
SHA1
c775546bdb0e2d4401e391d075cfcc0b863c8774
-
SHA256
cea6d4fbb54e357c9c62deab33a97e5e94b91f7f95a39a6e5daf5dd69133b6d7
-
SHA512
c683bb89b0301f330a22609c4b810c241a63964c53f4c9ae544f89d356009977714e70d8b9481bc89055c760a0a6de45dbe5b9d55ab3b432b71ddad1e643e1a7
-
SSDEEP
1536:/iyl1nZJJMZ4jTjx6WZG/YGcO/R4UMz5Tu:/iybnBGc1u
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-