General
Target: tmp
Size: 1020KB
Sample: 221214-kdaqbscc9y
MD5: e4fb6c7e51bf2beb7402650a3d67cd9b
SHA1: e5fea12a922ee31eb8099998d853afcc8f0d72bc
SHA256: 8f7da14fee95ca716abd30480f085c63547723ce9c3049a5a838b7da5fed3604
SHA512: 8c8a78c9cb7f11fafdc8f99c26b93046d22d7a7e011b7f146342f2fa4a0cdd2df65b93c010e6852d062f5afe1cc9a65b92f79775fe011fde56cd8c830fe5ae5d
SSDEEP: 24576:VrfMpFtQrYp+czgKNFsXrhlEs1s73Q3GS3H7v:C8Gv78hSQs7oP3L
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext