General
-
Target
3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48
-
Size
347KB
-
Sample
221206-j111cscd9s
-
MD5
6919d85bb10aad2b3078283f8b9108f0
-
SHA1
3a11e7ff6bf51467f197dec068b6abeb2570eb68
-
SHA256
3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48
-
SHA512
8dedcd2a3a684fd5e1078d6b1404479267a0b5fa5a851c5a3de65a02ccdbeef2aa2587fc69172791e125a15be4c8383a622f50abc50a45488ef1aa0ef9bcbead
-
SSDEEP
3072:HEhKzShSycb2OYLwt1LX9kC+Nl6FJT/AaUkMqpN08UKgCj6KJ4w6QonNIZ3cyV/L:HBnAU1X9Tel6FV4aURqpq1CjA/NY3fL
Static task
static1
Behavioral task
behavioral1
Sample
3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
baramac.duckdns.org:6269
Targets
-
-
Target
3707533042d67a657b987ec153e0b5711f0c4d06377ee5143759483698bc7f48
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-