General
-
Target
3a762352395e0d9f1910cadb10d4e227edae9ca44807455305a0ad5bc122dacf.exe
-
Size
289KB
-
Sample
221208-nyfnvshh47
-
MD5
233263c102c58bf5254047996a490096
-
SHA1
a6b0bcd4f86dc989a11947e9e9427ee84f253f85
-
SHA256
3a762352395e0d9f1910cadb10d4e227edae9ca44807455305a0ad5bc122dacf
-
SHA512
8c05a2140082fd5256bb76d3fc9d6023ede89032241e82bb4ed51b693b3bdc5ff633557e10c7b62c491158439e43311886d292db0e19bafd4c236c949a3d38f2
-
SSDEEP
6144:HBnbWzrYM0XopgVJP0+K6Yp+0mC5B8zIeXznQsUfc/1l:xWz8BJxmYm8zIgnnUfc/z
Static task
static1
Behavioral task
behavioral1
Sample
3a762352395e0d9f1910cadb10d4e227edae9ca44807455305a0ad5bc122dacf.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
3a762352395e0d9f1910cadb10d4e227edae9ca44807455305a0ad5bc122dacf.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
rajsavindia.hopto.org:5067
Targets
-
-
Target
3a762352395e0d9f1910cadb10d4e227edae9ca44807455305a0ad5bc122dacf.exe
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-