General
Target: 3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef
Size: 834KB
Sample: 221205-eked7sdd52
MD5: 31a2b08874779d70105aa700d142c4b0
SHA1: cc35daa5dcdd165629ab831c27c09645adc5b664
SHA256: 3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef
SHA512: 09306da90a24735eeede12e62a9fcb8caf65c59f2e9f39963968a51bf6f1c663336c588ea8fed33c78afebd1b5511f4edbd1bce3c31056744695be2f88debf48
SSDEEP: 12288:CcQcig3KvE+PLc2z8H+Byip9SE8cLPnwrjwodkg586aWHff:pQZgl8LbyipUrKYLdB5O8f
Static task: static1
Behavioral task: behavioral1
Sample: 3edfe0ac175805780137e3fb3f7e59fb221cb8586bfecdabc4325c3f055cb9ef.exe
Resource: win10-20220812-en
Malware Config
Targets
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext