General
-
Target
05ca94d88d462bef2458ec93ed42df23
-
Size
202KB
-
Sample
230316-fdpf9sbc9x
-
MD5
05ca94d88d462bef2458ec93ed42df23
-
SHA1
bc749bbfef60caac3ae0a3b6324767532c9e43dd
-
SHA256
5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260
-
SHA512
b88729322928ce573c93cfdee9979bea525902fa71c96c5f43ca2370ca3d841b4708e89b5205a4404dc9af36526e5ca8b719d08c1bfc663358b799e492efa923
-
SSDEEP
3072:2fY/TU9fE9PEtu9brXRHwio/QbIFBo93nmpeBTJ1N+Mmc/8CWbqQZU8hbpUVS:gYa6TrFH3kE92pe9Jx/ZWbqunhKVS
Static task
static1
Behavioral task
behavioral1
Sample
05ca94d88d462bef2458ec93ed42df23.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
05ca94d88d462bef2458ec93ed42df23.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
macking.duckdns.org:1104
Targets
-
-
Target
05ca94d88d462bef2458ec93ed42df23
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-