General
Target: 5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260.zip
Size: 164KB
Sample: 230321-qplvmaae37
MD5: 04c7a45184c4ac326d97fda239411d20
SHA1: f3b8622942897339ed4b02e33bbd6ae3196df7b6
SHA256: eb508dd16e3181fcb87e35f363a62ac67c3851b414b20d7e83825733cf4dc56d
SHA512: 362d8313cf0805e8137b233dce3ec96a253f5ab3f91ee67e095f920acfdbb2acda0ecc7e20be2510704f33de9df303f0614222b6ece01a34937bb3687a32cbde
SSDEEP: 3072:svVb1lXfJdrvZUX/sWuZm+sOJraBUdHdwpLL9cMGK5ShNcZOvanLcJ:sdHfHZLWybJraBUd9wpHGbW5QJ
Static task: static1
Behavioral task: behavioral1
  Sample: 5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: warzonerat
macking.duckdns.org:1104
Targets
Target: 5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260.exe
Size: 202KB
MD5: 05ca94d88d462bef2458ec93ed42df23
SHA1: bc749bbfef60caac3ae0a3b6324767532c9e43dd
SHA256: 5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260
SHA512: b88729322928ce573c93cfdee9979bea525902fa71c96c5f43ca2370ca3d841b4708e89b5205a4404dc9af36526e5ca8b719d08c1bfc663358b799e492efa923
SSDEEP: 3072:2fY/TU9fE9PEtu9brXRHwio/QbIFBo93nmpeBTJ1N+Mmc/8CWbqQZU8hbpUVS:gYa6TrFH3kE92pe9Jx/ZWbqunhKVS
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext