General
-
Target
f60ea0e9fc88d4de1c25942a4f62dc6ad804af599a083da1595ec02db53bdb19
-
Size
202KB
-
Sample
230222-qha5jsbg34
-
MD5
4000bda87d72459675f2ba2850c850bf
-
SHA1
b22ba9c83a79d3a9af894a020623c71552482345
-
SHA256
f60ea0e9fc88d4de1c25942a4f62dc6ad804af599a083da1595ec02db53bdb19
-
SHA512
8c217dc14d50edac2b4eb06cbf362b7ac1565162ed996a80207863e627a1dc7ba15a2692efb5b42efdf0dd653d9a76da6969c8dd5a53d6f0e05b756453a4a587
-
SSDEEP
6144:AYa6eV4tW6hml8wKlHFLhBW7WIcJ/Uq1n:AYgQ1Zw2iunN
Static task
static1
Behavioral task
behavioral1
Sample
f60ea0e9fc88d4de1c25942a4f62dc6ad804af599a083da1595ec02db53bdb19.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
blackroots7.duckdns.org:1104
Targets
-
Target
f60ea0e9fc88d4de1c25942a4f62dc6ad804af599a083da1595ec02db53bdb19
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext