General
Target: f6b748b16c33e91dd7cdd128ab0917cd.exe
Size: 171KB
Sample: 221202-wcbf1sde9z
MD5: f6b748b16c33e91dd7cdd128ab0917cd
SHA1: 6b3762c4507f52dff97ec34bae4a16a5d876ab1a
SHA256: 259fff7281f53b0dcb4ba5b9a1e4323f414e2a43496aff5cb32c1b8b50db773c
SHA512: ca04fd9616de8a2253d396e1d70fe2b2c1bd23d98e413bc0f8821f5c75e5b515fb675e62ffb40bf115ae3b06c4c50e36e63ba87818f3c19a781d5753c061f413
SSDEEP: 3072:QEhKzShSycSMjk/CFpQUWbNUEp0afqf/T9xjj4fAA0/oPQ3A8JHVZ:QBn1j6CFyUONUEp3Ox5cAf/oPQzN
Static task: static1
Behavioral task: behavioral1
Sample: f6b748b16c33e91dd7cdd128ab0917cd.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: f6b748b16c33e91dd7cdd128ab0917cd.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
warzonerat
revive147.duckdns.org:6513
Targets
Target: f6b748b16c33e91dd7cdd128ab0917cd.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext