General
-
Target
8eb2f7ab9bab3a18b8e697ade5fa57a70f7200bb442179bb8761b9f2d876345f.exe
-
Size
177KB
-
Sample
230313-hzdb8sba3s
-
MD5
877f6849ca8eb7a220d7bb64add71f44
-
SHA1
41550d90774094cc82fce79db394c0bbdaf9c269
-
SHA256
8eb2f7ab9bab3a18b8e697ade5fa57a70f7200bb442179bb8761b9f2d876345f
-
SHA512
cc71b1c3fd3fd4ec15a38f4fdb55e99a09964acf740e32b8093fb05ef23454ed4d2daa560db49c23bda1526f267ff292326585f1f06d31aa3bc866d3acbf256c
-
SSDEEP
3072:2fY/TU9fE9PEtuGbo74DhFVnHNrNRBpAnv++sKXzRHyuOV0AASZv7M5yg7u:gYa6Wo74FnHRBpAn7XzRHyu40AASZ6Ba
Static task
static1
Behavioral task
behavioral1
Sample
8eb2f7ab9bab3a18b8e697ade5fa57a70f7200bb442179bb8761b9f2d876345f.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
8eb2f7ab9bab3a18b8e697ade5fa57a70f7200bb442179bb8761b9f2d876345f.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
macrim.duckdns.org:6269
Targets
-
-
Target
8eb2f7ab9bab3a18b8e697ade5fa57a70f7200bb442179bb8761b9f2d876345f.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-