General
-
Target
WARZONE-RAT 3.03 Cracked.exe
-
Size
14.1MB
-
Sample
230326-25n6gaad78
-
MD5
6d150d36b56cdc5bbd815f89735c7f87
-
SHA1
ad0dd5834bdaf8552e0c2a16fca8894786f7f299
-
SHA256
8a165d8c914a2c64273ddb5ea961e8d7f4e42f3a803af96886ebfd0ff576be1d
-
SHA512
3ad90ab0dc0af13d6aff72699e4398aeb404340b212ae9e82627603c028e4b6c24f0aec82eaa867cfc2c2129441352fce79b3978d5a6fcac20622f3e20e283f2
-
SSDEEP
196608:M7ua82jskVEUbKBsY6+jLD07YMT7DKSilI/xaU71ItNSyF6apyMWv1aQWipiZh7b:MKxPUtMD07YeKAZaUQh6apGttQb2m
Malware Config
Extracted
https://onedrive.live.com/download?cid=C7F050ABA6D0F6B7&resid=C7F050ABA6D0F6B7%21105&authkey=AIPYamsd38clFVs
Targets
-
Target
WARZONE-RAT 3.03 Cracked.exe
-
Suspicious use of NtCreateUserProcessOtherParentProcess
A new process is created through NtCreateUserProcess with a parent-process handle that is not the caller (PPID spoofing), so the child appears under an unrelated parent in the process tree.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Reads the ACPI table keys under HKLM\HARDWARE\ACPI, where a VirtualBox guest exposes tables named VBOX__.
-
Checks BIOS information in registry
BIOS version and vendor strings under HKLM\HARDWARE\DESCRIPTION\System are often read to detect virtual machines and sandboxing environments.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the thread from delivering debug events; a common anti-debugging measure.
-
Suspicious use of SetThreadContext
Rewrites the register context of a thread, typically one in a suspended child process; a common step in process hollowing and other code-injection techniques.
-
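The signatures above are what the sandbox raises when it matches the sample's API and registry activity against known patterns. As an added example (not code from this report, from the sandbox vendor, or from Warzone RAT), the following Python classifier replays the same signature logic over a constructed API trace. The event line format and the list of IP-lookup hostnames are assumptions made for illustration; the registry paths and the ThreadHideFromDebugger class value (0x11) are the documented ones.

```python
"""Replay this report's behavioural signatures over a sandbox API trace.

Added example: not code from the report, from the sandbox vendor, or from
Warzone RAT. The event line format and IP_LOOKUP_HOSTS are assumptions made
for illustration; the registry paths and THREAD_HIDE_FROM_DEBUGGER are the
documented values.
"""
from __future__ import annotations

import re
from urllib.parse import urlparse

# VirtualBox stamps "VBOX__" into the ACPI table names it exposes to the guest.
ANTI_VM_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
# SystemBiosVersion / VideoBiosVersion / SystemBiosDate live under this key and
# carry hypervisor vendor strings on a default VM install.
BIOS_INFO_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
# NtSetInformationThread(ThreadHideFromDebugger) detaches the thread from debug events.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# Assumed list of public "what is my IP" services (the report does not name one).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "checkip.dyndns.org", "ipinfo.io"}

# Constructed trace in a simple key=value format, one event per line.
SAMPLE_TRACE = r"""
pid=4120 api=RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__
pid=4120 api=RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=SystemBiosVersion
pid=4120 api=RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=VideoBiosVersion
pid=4120 api=NtSetInformationThread class=0x11
pid=4120 api=InternetOpenUrlW url=http://api.ipify.org/
pid=4120 api=NtCreateUserProcess image=C:\Windows\System32\svchost.exe parent_pid=812
pid=4120 api=SetThreadContext target_pid=5012
pid=4120 api=RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion value=ProgramFilesDir
""".strip().splitlines()

TOKEN = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict[str, str]:
    """Turn 'k=v k=v ...' into a dict; values never contain whitespace here."""
    return dict(TOKEN.findall(line))


def classify(ev: dict[str, str]) -> str | None:
    """Return the report's signature name matched by one event, or None."""
    api = ev.get("api", "")
    key = ev.get("key", "").upper()
    caller = ev.get("pid")
    if api.startswith("Reg"):
        if any(key.startswith(k.upper()) for k in ANTI_VM_ACPI_KEYS):
            return "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
        if key.startswith(BIOS_INFO_KEY.upper()) and "BIOS" in ev.get("value", "").upper():
            return "Checks BIOS information in registry"
    if api == "NtSetInformationThread" and int(ev.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
        return "Suspicious use of NtSetInformationThreadHideFromDebugger"
    # Writing another process's thread context is the classic hollowing / injection step.
    if api in ("SetThreadContext", "NtSetContextThread") and ev.get("target_pid", caller) != caller:
        return "Suspicious use of SetThreadContext"
    # A parent that is not the caller means PS_ATTRIBUTE_PARENT_PROCESS was supplied (PPID spoofing).
    if api == "NtCreateUserProcess" and ev.get("parent_pid", caller) != caller:
        return "Suspicious use of NtCreateUserProcessOtherParentProcess"
    host = (urlparse(ev.get("url", "")).hostname or "").lower()
    if host in IP_LOOKUP_HOSTS:
        return "Looks up external IP address via web service"
    return None


def fired_signatures(lines: list[str]) -> list[str]:
    """Signatures raised by a whole trace, deduplicated, in first-hit order."""
    seen: list[str] = []
    for line in lines:
        sig = classify(parse_event(line))
        if sig and sig not in seen:
            seen.append(sig)
    return seen


if __name__ == "__main__":
    for sig in fired_signatures(SAMPLE_TRACE):
        print("-", sig)
```

Running the block lists the six signatures from this report; the final benign registry read in the trace fires nothing, which is the point of keying the BIOS rule on both the key prefix and the value name rather than on registry reads in general.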