General
-
Target
e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173.exe
-
Size
1.1MB
-
Sample
221203-ct4dksae5w
-
MD5
600086d95f02436a1ff495b74f132bac
-
SHA1
128204195977f567e07e68c8524d136b3aeead56
-
SHA256
e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173
-
SHA512
a13365de7afda5f671124d86bb1b32a5b14a6b31538948fedaceb92740b58d1fe2d24168464357835a27599fe970e1ab4c9994f36a09ed8bb4826cfafbe373b7
-
SSDEEP
24576:BAqZRqOIRqO0xqOOI5r+ilGiTmMZiv/DXqq3oTiwAAgEEY4:BRqOO2CGiv/Wq3oTQp
Static task
static1
Behavioral task
behavioral1
Sample
e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
91.192.100.45:7192
Targets
-
-
Target
e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-