General
-
Target
40d5841a10b986052b4f2a579c0a33848964cecf7998ac18ccd506df909f32e8
-
Size
812KB
-
Sample
221210-bevmfshe6v
-
MD5
86dc25e8e10328d87df1944587b75908
-
SHA1
64e45d8c0e68a6d7c2e9f710fd9fd5c38debebef
-
SHA256
40d5841a10b986052b4f2a579c0a33848964cecf7998ac18ccd506df909f32e8
-
SHA512
e2bfd40463df2e054ea8df14c5bc6642857bf2ff42d174ce1f38004e5edd7665060db1328658771c0287a6b5706b56ebd50553527e953ecaae01d434f690ec22
-
SSDEEP
12288:woQgKZ/nXt7virmWhlGLaQYIhh3PMWNtR9UWl9HypxErgPq7gw+xSdPxwJ1QODoT:g02r9HE0X7tgSOcghEh
Static task
static1
Behavioral task
behavioral1
Sample
40d5841a10b986052b4f2a579c0a33848964cecf7998ac18ccd506df909f32e8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
40d5841a10b986052b4f2a579c0a33848964cecf7998ac18ccd506df909f32e8.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
warzonerat
51.178.11.185:5200
Targets
-
-
Target
40d5841a10b986052b4f2a579c0a33848964cecf7998ac18ccd506df909f32e8
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-