General
-
Target
45d0badf0d81962d173b3009f3dcb660.exe
-
Size
688KB
-
Sample
230326-kywhjahh8w
-
MD5
45d0badf0d81962d173b3009f3dcb660
-
SHA1
1a930dd4b42133450ec20f4461fe83abfab00981
-
SHA256
bba868fe07310c4421085991f00efc87d7874c71780a2e38f17305ed95c73305
-
SHA512
055bd8beaf7c8fa83ea30da771b01ad0ad288cd687aa127d481a32fc69f7a6738831a043c392dda3fe7c24e0f17a331a36f81fb87d8ed9b265a475d24c39bf92
-
SSDEEP
12288:aGveLRgNGSD7QK+Vt1FvL/Wl3mcDNT+hU+s2yc1:1edMMXV7FD/uDshUYyc
Static task
static1
Behavioral task
behavioral1
Sample
45d0badf0d81962d173b3009f3dcb660.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
45d0badf0d81962d173b3009f3dcb660.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
84.38.130.181:5200
Targets
-
-
Target
45d0badf0d81962d173b3009f3dcb660.exe
-
Size
688KB
-
MD5
45d0badf0d81962d173b3009f3dcb660
-
SHA1
1a930dd4b42133450ec20f4461fe83abfab00981
-
SHA256
bba868fe07310c4421085991f00efc87d7874c71780a2e38f17305ed95c73305
-
SHA512
055bd8beaf7c8fa83ea30da771b01ad0ad288cd687aa127d481a32fc69f7a6738831a043c392dda3fe7c24e0f17a331a36f81fb87d8ed9b265a475d24c39bf92
-
SSDEEP
12288:aGveLRgNGSD7QK+Vt1FvL/Wl3mcDNT+hU+s2yc1:1edMMXV7FD/uDshUYyc
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-