General
-
Target
a604be01cfee0dd2f3fdb6af8ed840668908d2dd268d2564486b4390d5eab66e
-
Size
327KB
-
Sample
221206-cq531abf2t
-
MD5
e16edffaa9687714e5f9ebb9220f44fd
-
SHA1
847f729d7d68bcb6746cc82295878b0cabf33388
-
SHA256
a604be01cfee0dd2f3fdb6af8ed840668908d2dd268d2564486b4390d5eab66e
-
SHA512
f6f74d4975cbfeab7ed269619795b7f46d818fa2409c6f42bb6d3677e0785612bc900a943ede907396289b899e2a39ed18031049bab9636b6873ed350433ba19
-
SSDEEP
6144:PBnxm/hZudIIuLpkyzypTJUwdYO+HDIG4jcE:LzdIZpkplVGfHDIHjf
Static task
static1
Behavioral task
behavioral1
Sample
a604be01cfee0dd2f3fdb6af8ed840668908d2dd268d2564486b4390d5eab66e.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
warzonerat
baramac.duckdns.org:6269
Targets
-
-
Target
a604be01cfee0dd2f3fdb6af8ed840668908d2dd268d2564486b4390d5eab66e
-
Size
327KB
-
MD5
e16edffaa9687714e5f9ebb9220f44fd
-
SHA1
847f729d7d68bcb6746cc82295878b0cabf33388
-
SHA256
a604be01cfee0dd2f3fdb6af8ed840668908d2dd268d2564486b4390d5eab66e
-
SHA512
f6f74d4975cbfeab7ed269619795b7f46d818fa2409c6f42bb6d3677e0785612bc900a943ede907396289b899e2a39ed18031049bab9636b6873ed350433ba19
-
SSDEEP
6144:PBnxm/hZudIIuLpkyzypTJUwdYO+HDIG4jcE:LzdIZpkplVGfHDIHjf
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-