General
-
Target
1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c
-
Size
733KB
-
Sample
221203-kgb3kaca9y
-
MD5
479d23477f4dbed3eed8e22566eb4196
-
SHA1
44ba4888a333bb611db621e1f55837f403c84536
-
SHA256
1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c
-
SHA512
6ed4f2d3a1bd103a043aa8f1c43daa98e22a1721eb9fb8828bed54b2a9c9f5c9a507fcca86e74f79d4b83b818fe4a2c47a63b32c1e876deab75d8c612557f632
-
SSDEEP
12288:Vctnxl9AW8CJn8QwOBasVz/Huj+s6tZ6t1kg586aWHff:udX94CJ8uDr4+ne1B5O8f
Static task
static1
Behavioral task
behavioral1
Sample
1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Target
1bff37b3f897e8f9bdb33018eb927784167c172defed492759583d61fff39e4c
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-