General
Target: New order No 09052622.zip
Size: 192KB
Sample: 230223-srmaaaab5t
MD5: 456d3018973f9e8d547f2e025f125bbc
SHA1: a002259adab0e4806f788db67db72958f0c0c45d
SHA256: 0dc43c6b572e28d5744fcf9620589793255a2084069dc447c6c7904bb6f7a005
SHA512: 914b8687039896f1bbbb3e74ea11a0391da93b0de85bd05d0dcb689910dfa6e2120a112339027537da85f1bd0d2b2fe4d77ee273657f08e325dfa7923a02a947
SSDEEP: 6144:V2CBOpCXSxLe+myFxMi7XwC6bvmtjzAvB:0CBeCXSrMi7PJtoB
Static task: static1
Behavioral task: behavioral1
Sample: New order No 09052622.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: New order No 09052622.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
telenaxty.ddns.net:7706
Targets
Target: New order No 09052622.exe
Size: 207KB
MD5: 29d35b6cc964c0fb669083ce180d4210
SHA1: 18206e7f0677a8b4a15a20db2e6baa0f1bc4e8ee
SHA256: 36cb5ed800f2c0206233ec5d4d797545da3ab91290c1291347ccae0ca768c369
SHA512: c2afe012d397a081e3f790191c79bf4966f28d9882daa51de37e8708e8d4722bfcd2d63bc7346d9960fb753f34c1a229d0ab82e6005af2b5fc12b0e3838d1757
SSDEEP: 6144:TYa6Re3BwxZeMmyF5Mi73wC6ZFmtZZvvE:TYDyBwtMi7vJtXE
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext