General
Target
0269b81f75aa1101e557c3ebb49eb4c5.exe
Size
219KB
Sample
230224-bnyepsbf51
MD5
0269b81f75aa1101e557c3ebb49eb4c5
SHA1
67412ee26893ec720e4ae7734026047aafd8f58b
SHA256
49ff2c2f0c21aa26f9ee4357241cdd347278ebacb5f343e34e71b431c891f7b7
SHA512
79d957ba94f4bc73202f837894b81288aef3adb45f6d114b3cc1ad85dbd19533e4010ba0f9fefc260e5aeae431cd11d36e1b31f06f837c19f4b1b03b752c39d7
SSDEEP
3072:WfY/TU9fE9PEtuTbJd1LgNtkoyj162pk7DdpFiUBnXJPVS9Zhj5h0hDUUCQn5+a6:AYa6F311516fDdhRXpVsNytUlQnDvS
Static task
static1
Behavioral task
behavioral1
Sample
0269b81f75aa1101e557c3ebb49eb4c5.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0269b81f75aa1101e557c3ebb49eb4c5.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
warzonerat
blackroots7.duckdns.org:1104
Targets
Target
0269b81f75aa1101e557c3ebb49eb4c5.exe
Score
10/10
Family
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
Signatures
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext