General
-
Target
930aa1820fa08d9e2a36b6eb6d24749a.exe
-
Size
1.0MB
-
Sample
230228-fsjvbshd91
-
MD5
930aa1820fa08d9e2a36b6eb6d24749a
-
SHA1
9c448f1e95610373caa3b9dc61bb6251c7925f92
-
SHA256
27ad4236669f741a8cb23e2d31854b075244f61bcccbb4b0ab55ee63a708ba45
-
SHA512
e87cf1dff5b19e9aeb24792f2f47f5d814b889fad0dc8175c25d9a948d9e5d83b189398c0893bf16fb3cdcf5df45db115d7074e61b1b6caed74f7d86c7707395
-
SSDEEP
24576:N2VL5gh7mViJUXxJfoQQMcOOOTPkBpCtcuVfJYOW:IVL5gQVUUXLQomOyKJYO
Static task
static1
Behavioral task
behavioral1
Sample
930aa1820fa08d9e2a36b6eb6d24749a.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
930aa1820fa08d9e2a36b6eb6d24749a.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
37.0.14.210:29221
Targets
-
-
Target
930aa1820fa08d9e2a36b6eb6d24749a.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-