General
-
Target
8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c
-
Size
974KB
-
Sample
221202-es5lcscd98
-
MD5
7200b3d4fec8a77e6c8ba92f80e3ce30
-
SHA1
5af6cf29dd856ef42917c9218b9dd61f8406b530
-
SHA256
8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c
-
SHA512
1243d07db82f29c6afa508ef178996d3bad58d7848c15b6375a873fad0f57bb33ba35679e41d8b48b05c45f0ababe79a4b06e52e8c16d20cbc4f5b3875e46d02
-
SSDEEP
12288:lohgh/XxywVHfpAPY5vBsfBlcfCFxUwFJiR/EZr/x5WB2lnRzIhKyS0Rt2:lsgh/XZBAo+vbFWEZTxCynRzIa2t
Static task
static1
Behavioral task
behavioral1
Sample
8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
8637ff13ee0653cfe574b2b9a9429f3124d16fca44d606432b6739c3d40a126c
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-