General
-
Target
SecuriteInfo.com.BackDoor.SpyBotNET.25.25959.148.exe
-
Size
600KB
-
Sample
221205-rt6ahace3v
-
MD5
acb5d1aa66f884caad2322ff8f15d58f
-
SHA1
65aee8d9e488c32e48c834606bfd85cb2e079acf
-
SHA256
b222eba2cd4a7a37d8b38083130df60200958d6cd0175c8e827e30a6b434c452
-
SHA512
aa36a100b148eaebb2558b65e385519c089c0f31039f92d8ec869c3668f4802b883c47f50ededbea3411ef502fc9dd229212509550318014b0039cfd23973b8d
-
SSDEEP
12288:ZPuYd+V6b1momPZefIG++j2iTM4dvExQmpzmxF44fHOAMwRkZk+KCXWWyD:ZPuYd+V6bIomxiIGq1SvEW8mxF44fKwi
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.BackDoor.SpyBotNET.25.25959.148.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.BackDoor.SpyBotNET.25.25959.148.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.BackDoor.SpyBotNET.25.25959.148.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-