General
Target: f5e9af8a842e3d0ab3b48e83151a43a1514ed4f8772da1819d27558b62901b3b.zip
Size: 470KB
Sample: 230321-qpmrxsce7s
MD5: d9f0f7b3e654be29deba3120eac66e5b
SHA1: 4b71c898eb3affd1f15232ee5e9c79e6560dabab
SHA256: 09e6fb6d40e80ed9ec9fa9e7a5ccb5b1ab3a394e5057c0eed89ba83079244133
SHA512: f9f857541c3b33e7759c4b8b513a928123efd45501a90db513020b3ea0d0d9dad4460cb5e44655db6cd776a2e68b82ef46a749c5d41689a333560e2d75e31e00
SSDEEP: 12288:9eBIVGz7f7mv3fGu1xaI9FIDVjc2aygcS10vbqr:9dwfCxMQ+jce9u0vbqr
Static task: static1
Behavioral task: behavioral1
Sample: f5e9af8a842e3d0ab3b48e83151a43a1514ed4f8772da1819d27558b62901b3b.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: f5e9af8a842e3d0ab3b48e83151a43a1514ed4f8772da1819d27558b62901b3b.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
154.16.106.40:4441
Targets
Target: f5e9af8a842e3d0ab3b48e83151a43a1514ed4f8772da1819d27558b62901b3b.exe
Size: 579KB
MD5: 6ca65058e490b038710bd1e2ac8cb457
SHA1: c66ea296401994d1d352b2795b70dd38f7eb4f88
SHA256: f5e9af8a842e3d0ab3b48e83151a43a1514ed4f8772da1819d27558b62901b3b
SHA512: f3f473a6e7335b39cdd212ce287070e2f092cc550bd836ca66808b3483ef48c6152ad41a5f9a120c22c268af3960768b6fb7e03a8861bf444052c7cf1476229f
SSDEEP: 12288:sctmABdVLhcA9D/4BjCAYEKRkx/yX0chSSuPA:sqdpkBtqoaXLMS+
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext