General
Target: csrss.exe
Size: 1.1MB
Sample: 230223-a5kphagb2s
MD5: 3bd3749e27043d48442c3a39f5ef9169
SHA1: 38272041806c32059abf77a7be2a16dc0e11f87d
SHA256: ad6da80b71b6f6b0fb61a7dbc4db54a5edce463c8a925f5ca04cd8baec44473c
SHA512: 637a3a050dee1403b609914e1fb8c4ebc7520e9d5b3d374f9419ade8ca7d34cf9cae195dcdcbe691a94a2d0680cb9dc4f6c8d36c56ac8501fb0ec667b95364af
SSDEEP: 24576:i/UQbNqF6Ka2TDAC2OnpB9DoRFRnv4pCtcu:iJJqHdnAxep3k3n
Static task: static1
Behavioral task: behavioral1
Sample: csrss.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: csrss.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
195.133.40.92:5200
Targets
Target: csrss.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Suspicious use of SetThreadContext