General
Target
Serne.exe
Size
21KB
Sample
230331-hn7rpsac2w
MD5
2469c5e13fb61f3d7c2ec99980506390
SHA1
17d77e0e0a6a9e0b7a215585dd3abc93d45ad081
SHA256
885ee8e9a14478858c45bbd9ec9b7638237df7b97bc9c016479a329b8d09eb02
SHA512
35e0cb410e943e48e4b7b8443973095f7ff64526ad88ffe985036985b16d3ab1223bac9aefb4f4e68a5cb5683f4cc5adf42d3bad139c8f585273b5d6e87ebefa
SSDEEP
384:mek3VcvQZaBtk2mQ4LquufMlmX4hirnmBag+S8ucdMEwvIKzjMq/XeNxhbcrdODB:meEcvQZaPk2J4hufMlmX4hirnmBx+SIk
Static task
static1
Behavioral task
behavioral1
Sample
Serne.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Serne.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
95.214.24.231:65535
Targets
Target
Serne.exe
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT payload
Drops startup file
Suspicious use of SetThreadContext