General
-
Target
5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260.zip
-
Size
164KB
-
Sample
230321-rv4hasda7x
-
MD5
9a8e882c93760422ec02263acdbb78c4
-
SHA1
f0634c77a3ae1206fecae9d285224c7bb95d32bf
-
SHA256
d802dfdd113620634a88afe2ae7de17eed8200b0e81248b741bcf46d780844a7
-
SHA512
5ad6243447abcc4b2c4e1d14076989260521cb7cd6e44447fe595565b9a6fa592c04afeb69f52e34f64ebf5b7bc3ec91a36d43c49d2eb4d16567d5f04ce56e94
-
SSDEEP
3072:R8VS6cW0aOKy/5W2ZqUOoEkQFd2X8DLqXJsasy1Y9mLW9KCa:Rr64Ky/wmOoEkmqX11bL2a
Static task
static1
Behavioral task
behavioral1
Sample
5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
macking.duckdns.org:1104
Targets
-
Target
5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260.exe
-
Size
202KB
-
MD5
05ca94d88d462bef2458ec93ed42df23
-
SHA1
bc749bbfef60caac3ae0a3b6324767532c9e43dd
-
SHA256
5a39f9dbd5c6cee8dce9d113c484d794045d72f3258e1959d34c14e673803260
-
SHA512
b88729322928ce573c93cfdee9979bea525902fa71c96c5f43ca2370ca3d841b4708e89b5205a4404dc9af36526e5ca8b719d08c1bfc663358b799e492efa923
-
SSDEEP
3072:2fY/TU9fE9PEtu9brXRHwio/QbIFBo93nmpeBTJ1N+Mmc/8CWbqQZU8hbpUVS:gYa6TrFH3kE92pe9Jx/ZWbqunhKVS
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-