warzonerat | 768-187-0x0000000000400000-0x0000000000568000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

768-187-0x0000000000400000-0x0000000000568000-memory.dmp
Size

1.4MB
MD5

9176911e8717ca3f04e3ee15fa18a5ac
SHA1

de343dde0d131f2b31573844ce8398c948419d10
SHA256

a2dc788490acdd8c8d1937929a025b51fa6cbbd6acccb08e6960ec045eab0442
SHA512

2be967acdf2bd25c2d5d7b3e5f6bd7f42995f3e233b0151cf09a9348a450001997b74a0f59cba147fff15bf557cc5f95ecbfa78cc22c10d74d0041a1c6d0cf6d
SSDEEP

3072:WzPtbXqn6aR97tie5Niae2vl23G3Fzyffz8LTDh:Wz1bXq6aR97ViJ2vlz9yffz8LT

Score

10^/10

rat warzonerat

Malware Config

Extracted

Family

warzonerat

C2

peggyboo.duckdns.org:4545

Signatures

Warzone RAT payload 1 IoCs

resource	yara_rule
sample	warzonerat

Warzonerat family
warzonerat

Files

768-187-0x0000000000400000-0x0000000000568000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ