General
-
Target
96c82b3b09009b6705a261a639310b30.exe
-
Size
226KB
-
Sample
230227-ty883aee85
-
MD5
96c82b3b09009b6705a261a639310b30
-
SHA1
d4f103a21e1424a48813bc9aefc3b1fe59ed4c60
-
SHA256
d094cf97104aeb8329fe0d30aaac1defe237c4f05fd57bf5f06c141818143ad4
-
SHA512
110a1ea51ed7a1eff4d54b92f9aec3970e82c3d980a46ac0e7d7bc9b1211bf71fe4b347824573ff8f4765f6a0eb3a8f93808b8f32fbeda4305b51a264251aef4
-
SSDEEP
3072:WfY/TU9fE9PEtuNbDNNG1mTfInt+S3vJXjqIYA9jwdUGZZFYzgIytf9wXfXsXCQP:AYa6j5NGUAndfljgAKPIytf96PEgsX
Static task
static1
Behavioral task
behavioral1
Sample
96c82b3b09009b6705a261a639310b30.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
96c82b3b09009b6705a261a639310b30.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
blackroots7.duckdns.org:1104
Targets
Target
96c82b3b09009b6705a261a639310b30.exe
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-