General
-
Target
PRODUCT DATA SHEET.exe
-
Size
480KB
-
Sample
221212-pgldfsea6v
-
MD5
a3fbbefc3844b6bda8a3bd3d097dc0f9
-
SHA1
adbd1d468e165bed2d3828b62899ef753d1d4723
-
SHA256
4e1a0a523e4ee04c32358c3299ce34aa5b6e70e45382b46baa11cbe5d32887ce
-
SHA512
9e450990b96e1bd8c0a3a7c365e3378f0921ebae9dad33d13f94fadd66e63284496cdee7c945967042986ba5bc9ac6e9c7bb84f71e96555f5e8f8c84e04329f5
-
SSDEEP
12288:ojOLHTRsDhXHZYhkISiGgtURh1e8hBl9jq:PXRs1XHZDiGgqpr/9j
Static task
static1
Behavioral task
behavioral1
Sample
PRODUCT DATA SHEET.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PRODUCT DATA SHEET.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
valvesco.duckdns.org:5353
Targets
-
-
Target
PRODUCT DATA SHEET.exe
Score 10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Suspicious use of SetThreadContext
-