General
-
Target
c60f1da307389c105e1aa8cb22992413.exe
-
Size
219KB
-
Sample
230223-nlkgaahe6t
-
MD5
c60f1da307389c105e1aa8cb22992413
-
SHA1
a0cee0c49a307c9d4703c7a722f8632d1ee1f7ec
-
SHA256
1376df41ef75f22b8d35a4407c9aa23789e82c5b49bbef3cba7406bafa067122
-
SHA512
e5dd9393c01d6ff2d0ccc976769e1bf98648bcfbc77084e02158fe1b5b9712ad17dfa5abf57af18856a2e7bc1c03551d79c0345b1919aa426ec6c05f66b0d85b
-
SSDEEP
3072:2fY/TU9fE9PEtuPbr6IHtXFt7mWfz0V8WbBX/bXHMMmYIjhhuajn22jDYZFauPfI:gYa6JrFDhn783bBPgVYIjbuajFXuHwxf
Static task
static1
Behavioral task
behavioral1
Sample
c60f1da307389c105e1aa8cb22992413.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
c60f1da307389c105e1aa8cb22992413.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
blackroots7.duckdns.org:1104
Targets
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-