General
Target: ave_maria_rat.zip
Size: 353KB
Sample: 221214-tbpadadc31
MD5: 1392a739900bc293e1007a362cbbdf92
SHA1: 7729896bbfd9f5d1789c019fa7340dc42afffcef
SHA256: 63248ad3b64bf52266f0469e79e9f1b733dc0e2882142cf2167d7970b196973a
SHA512: 06a2b62a351e2e7fd9995d146443362c607566903b38e9e59f95ac329043e88c6b8cde5d8485e52da2439d1732d1c886e1ad660b4b89e8032f971ea7dcf60c87
SSDEEP: 6144:qAQN94dfO4UojT8Nlp2nVnlsodt1E780/PHukfk7NcgmC8UEluifg4M:Q9KG4f8in+odG/Puks7pmC8blz9M
Static task: static1
Behavioral task: behavioral1
Sample: ave_maria_rat.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: ave_maria_rat.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
warzonerat
www.dnuocc.com:5287
Targets
Target: ave_maria_rat.exe
Size: 383KB
MD5: d414115c947793d91a7d5a110053305c
SHA1: 3a21e61f797e8abd4aa703f1f0d375d4d4fcc37a
SHA256: 65eb2d7d35b22b4edfef16c7ff2f36d79b827145bc94644f7fe915a9378bf361
SHA512: 0ab8a96b06ed9baf4f609faa4935fc6bae7ad1a77d0eb75bad03c41e3291505c7427ad457e1b88ad4fb352c3c549cd286ca5b4d0ffeb4ca1a7314dfb7f343b4e
SSDEEP: 6144:dN9ydRO4MojT8Nbp2npn5soltfE7k0/PVukfu7Ncgw6cUulYvlJAplDaK0FFvaI:n90E4X8Cniolq/tukG7pw6cllWlJApla
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext