General
-
Target
29eb8de37b6564e980786299173d991df78cd129462e60da8bb88390b9acd52a
-
Size
411KB
-
Sample
221213-h1j66sgh5w
-
MD5
f799facdb7eb292aa0ca75a7671c1eff
-
SHA1
6e71d6a9483c151583e63ab68b38f0e31f9137b8
-
SHA256
29eb8de37b6564e980786299173d991df78cd129462e60da8bb88390b9acd52a
-
SHA512
976b7ceddc1fb79ad8a8b3ca97a9aa678cf94c919108563cac3aa4b40f03015a1e81206065b907756336f67b1320714fc11aefb444f1147b59a5632bbf8efc31
-
SSDEEP
12288:TLlywAmqb3eipzVimC3Tfec1ly3a1m/8wsLylxWJnR:HlyCqqIYTmc1rZ
Malware Config
Extracted
warzonerat
www.dnuocc.com:5287
Targets
-
-
Target
29eb8de37b6564e980786299173d991df78cd129462e60da8bb88390b9acd52a
-
Size
411KB
-
MD5
f799facdb7eb292aa0ca75a7671c1eff
-
SHA1
6e71d6a9483c151583e63ab68b38f0e31f9137b8
-
SHA256
29eb8de37b6564e980786299173d991df78cd129462e60da8bb88390b9acd52a
-
SHA512
976b7ceddc1fb79ad8a8b3ca97a9aa678cf94c919108563cac3aa4b40f03015a1e81206065b907756336f67b1320714fc11aefb444f1147b59a5632bbf8efc31
-
SSDEEP
12288:TLlywAmqb3eipzVimC3Tfec1ly3a1m/8wsLylxWJnR:HlyCqqIYTmc1rZ
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-