General
-
Target
ac48e7fdd258315b54625d2c9cc84d555d44b1a82c4e834238500f32d088d58b.zip
-
Size
164KB
-
Sample
230327-pdgabsdd28
-
MD5
555afb68e00be6d85a705c0e0d520c5e
-
SHA1
40d7dc5e13c18c67bbba04eb921444d833d37be3
-
SHA256
e990dd506564894065bf5ca3643bcf9c57f0de16611e7f2858849b9daf973774
-
SHA512
71eb4d21aa281284e598fa934e60cadc540766a833970ee5a1a2751316b97cdb87db8430ca42445eb96b3078240fca50edbe527d68ad77a053973268373efc46
-
SSDEEP
3072:2+UNd2fU0eaig4ynrdePnOl4ls1j3sg/XNMfHWbIRop83QRrX:Yd2fUBbgBnrYfm4ls1AOM/WIoEQ1X
Static task
static1
Behavioral task
behavioral1
Sample
ac48e7fdd258315b54625d2c9cc84d555d44b1a82c4e834238500f32d088d58b.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ac48e7fdd258315b54625d2c9cc84d555d44b1a82c4e834238500f32d088d58b.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
46.183.222.62:5353
Targets
-
Target
ac48e7fdd258315b54625d2c9cc84d555d44b1a82c4e834238500f32d088d58b.exe
-
Size
193KB
-
MD5
53622e61772d39cd6868b89aaabb8249
-
SHA1
97d7be3cbfc038c741d0a0ba0404c147eb2d9b1b
-
SHA256
ac48e7fdd258315b54625d2c9cc84d555d44b1a82c4e834238500f32d088d58b
-
SHA512
1e254e3913f2bcd985d96123e8e2f08271f9f1e081a5c39d14afcfc6a1513c76139f980bd25d575845ca85ab2e14881042524a52314321f398558cdb30583d95
-
SSDEEP
6144:QkdnyRSXGwbtZt2hP4hY9eII6cuH58KCNRJynB:Q3SXt5E4hoeEdmV+
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext