General
-
Target
9675c26063960c74114460aa260684a0de5474930ab239b44afe8fba6ad4e012.zip
-
Size
8KB
-
Sample
230321-qpl6dsae38
-
MD5
0b94d4ce04ef25f4c7e8ce5328bb73b2
-
SHA1
9d0c1ba81ae49e7a8365d0defde936fed0d26e7c
-
SHA256
200a5245ee4174e73c37d6899388b06c18773f9f9ab438b1ff38cb91be0c2437
-
SHA512
f75d38d4ee5f4529336135919040ed7cda40d4d319a42f77c94d059243998b0eaab087b60aa5866989f4ca58a4cee798219320ed855c41aa78eaa312ca2a320d
-
SSDEEP
192:alZp7aZIHu+SJZOi78AknnS6Z/5TzgEjWLkh4k:4j71O+SPOJA4nSUxvBj72k
Static task
static1
Behavioral task
behavioral1
Sample
9675c26063960c74114460aa260684a0de5474930ab239b44afe8fba6ad4e012.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
9675c26063960c74114460aa260684a0de5474930ab239b44afe8fba6ad4e012.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
45.72.96.199:55081
Targets
-
-
Target
9675c26063960c74114460aa260684a0de5474930ab239b44afe8fba6ad4e012.exe
-
Size
18KB
-
MD5
0be9c9de62ce0696daf9230cb5603ad9
-
SHA1
4058637baa85bbd6d10b8919b45341a712fc9004
-
SHA256
9675c26063960c74114460aa260684a0de5474930ab239b44afe8fba6ad4e012
-
SHA512
1ba30334398dbf72a11d57cc781419faa7d9100d288ac9f09d1a1d16466aad226235eff6277c071e63980c4c2aac8ad467f0376fcb28a355616a661d7324ba95
-
SSDEEP
384:EzRd+2oW9S6/x47DBh3OcMCkd1N7/lbjRE7XxSfw2:9W9S6/W7DBJOcMCkd1BRRmXJ
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-