General
-
Target
205b7ece70a889f37c1bbf44cd79461a.exe
-
Size
1.1MB
-
Sample
230228-m59d3sba66
-
MD5
205b7ece70a889f37c1bbf44cd79461a
-
SHA1
1cb79cf6908f6248189f0c5a850cb2962f096f20
-
SHA256
e2260c68631c4c1be8b873c859e84a2c9737cb348414b1fb2860a139d781a8b8
-
SHA512
6d09f68fa9aefe7eb53d9538494a105ff1abd1b7e511dfbafa213cd18d112fa2c1eaa475c15ef68795849cba18fa4abd64d131c83043078c48fb3a4859738f03
-
SSDEEP
24576:x3gmeVuCA6/+o77dK+NQoUQDx87xgAb/DAfRBUx/6qW:5gmeVua+w7PQc8uADDAfjU1B
Static task
static1
Behavioral task
behavioral1
Sample
205b7ece70a889f37c1bbf44cd79461a.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
205b7ece70a889f37c1bbf44cd79461a.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
195.133.40.92:5200
Targets
Target
205b7ece70a889f37c1bbf44cd79461a.exe
Score 10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-