General
Target
0cae9f651145e402f998e3a8a667b031.exe
Size
391KB
Sample
221205-k9lsgaee82
MD5
0cae9f651145e402f998e3a8a667b031
SHA1
e2ec187f426ea2601868916da80e62839e30c99a
SHA256
0d55e06cd828379885488ae1eba557d8e92d146aa3c1186801846a52a3a0af71
SHA512
928604e9f28b7827ab67209c6ae73aa6f1e2e442ea427cb135870fbba00021df5844be7063bf839507ad3081e068f7b7e36f802849b48145b858f9fcae68827f
SSDEEP
6144:HBnAU1X9Tel6FV4aURtm1r0yACZTInUXYbIyn:WU1+6FV490r0yACOIYd
Static task
static1
Behavioral task
behavioral1
Sample
0cae9f651145e402f998e3a8a667b031.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
0cae9f651145e402f998e3a8a667b031.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
revive147.duckdns.org:6513
Targets
Target
0cae9f651145e402f998e3a8a667b031.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext