warzonerat | 1692-66-0x0000000000400000-0x000000000041D000-memory[.]dmp | Triage

Sharing

General

Target

1692-66-0x0000000000400000-0x000000000041D000-memory.dmp
Size

116KB
MD5

0aa39a4795861c09e4ddeca4dcae0fa9
SHA1

f847dec7d30776e879b07841cc655bea4aca535a
SHA256

4c5808aee25ee1953d9693914cd9f6592edfdd347aa8caf17484941a0d652f78
SHA512

925b1fd031da5d375147349788e96b333a9962f30028f45904c4f1f4bacad9c9dd2f370a872dfbc9623ef6ef3151da1140556f54697f0118adf2d31b5b1a9262
SSDEEP

1536:5Csejmb+6BQyusX1UjtA0uWRf/elocq9T1jVEyiE:AtD6jSm0uWRfCohTjVEJE

Score

10^/10

rat warzonerat

Malware Config

Extracted

Family

warzonerat

C2

revive147.duckdns.org:6513

Signatures

Warzone RAT payload 1 IoCs
rat

Processes:

resource yara_rule

sample warzonerat
Warzonerat family
warzonerat

Files

1692-66-0x0000000000400000-0x000000000041D000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ