General
Target: 6268aa7baf3e305e3719837676a68beb.exe
Size: 465KB
Sample: 230228-bwebssgh52
MD5: 6268aa7baf3e305e3719837676a68beb
SHA1: a55a03d01304c4b9b95898b48411014bb2356a32
SHA256: 8bda08d3f496963bfe69b61b77363ea31352ca56a56ccfbc8b17b86a6ada2bc3
SHA512: 36fe7cf1a65bd7d3fd8b33c433e4b61cb74be2452857f2f9be68253215b5824994107d1ba8715ce49da6855907856a0f8336a8ff15769284ab4f693d477ad941
SSDEEP: 12288:g3cNEybixPz7WS60tY8E+uMxALTPhc027husFmS11nhoe0:Uxxr7WS60tjE+XAHC0OEsFZ1ye0
Static task: static1
Behavioral task: behavioral1
Sample: 6268aa7baf3e305e3719837676a68beb.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 6268aa7baf3e305e3719837676a68beb.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
193.42.33.27:5200
Targets
Target: 6268aa7baf3e305e3719837676a68beb.exe
Score: 10/10
WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Suspicious use of SetThreadContext