General
-
Target
8c8ee58eacb110d5598f723ecd7e948c.bin
-
Size
164KB
-
Sample
230316-h23pxabh7y
-
MD5
459e626fefbe3ff7172011518da5e653
-
SHA1
2a9616aab1d5ea572d9c4d8f5295e70ec38f0e33
-
SHA256
8c857975e05ffe3ed6a24aa5699e240f915818271328302af269cd4f1dea088e
-
SHA512
907da0f11037e65233e91512e255ba024cf77dae57e2f41210333294546754f16bf16910ef3f9e4a6850041175bc99ad27d1ca083e07bb9ed6064b554c90972a
-
SSDEEP
3072:edP/XT8cYNfKzxkA6+xGvb8KIzjiqoofwt/4R1VYkYPkj6wQxAyVMlYpN:edPPoTNfKzmA6+MvbijiqdfWE1VkP+6j
Static task
static1
Behavioral task
behavioral1
Sample
92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
omerlan.duckdns.org:6548
Targets
-
-
Target
92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182.exe
-
Size
203KB
-
MD5
8c8ee58eacb110d5598f723ecd7e948c
-
SHA1
b9be417a07aa65a317001ba2976cdd80fb267174
-
SHA256
92e54cb5fb1d4e2c874f09b5c10a617dc00d845970c094e426683d6989c5a182
-
SHA512
d474c65d401f18fc2343fd086ed1581df4adf1edbf087f1a0a72e97e7c4fc17bb804e7739eb27b5715614ea9071078cc385e3351375d9a89228865f3a072a4a7
-
SSDEEP
3072:WfY/TU9fE9PEtuNb246i/iIasUc9dWaYU2WfDRuTDP3KlORQ8TsN543G+RWuWCBg:AYa6724zLasU+6UZfDon/8h8e6WqFY
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-