General
Target: Serne.zip
Size: 9KB
Sample: 230331-l9ngqsaf8w
MD5: afbea5c5baef0eb7a49207c5bf656704
SHA1: 2d9fe811a75baacb60e15ed0ebf4d8db59807b9d
SHA256: 6f43eb8e121bbd2dc669661b0fa30917439daae9a5844bbc704e44a0f749359e
SHA512: d7b02168f47d1e4e0ffe8653bf05c34bab77a592db50a4dd086fe57c2d1d03c686fb5687d59e32e83dd8226ed8e12f4f69034f0b0419f249a2257f8f3ef770de
SSDEEP: 192:VE+DFfNe5fvam0TZQbEvRdp/fiTFJjzq9p5g0DVhCZqXphROP+6Q7k9Bw7oC:ZFg5nCZQbEFiTFNzO5g0OZqZhF6Q7qBG
Static task: static1
Behavioral task: behavioral1
Sample: Serne.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Serne.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
95.214.24.231:65535
Targets
Target: Serne.exe
Size: 21KB
MD5: 2469c5e13fb61f3d7c2ec99980506390
SHA1: 17d77e0e0a6a9e0b7a215585dd3abc93d45ad081
SHA256: 885ee8e9a14478858c45bbd9ec9b7638237df7b97bc9c016479a329b8d09eb02
SHA512: 35e0cb410e943e48e4b7b8443973095f7ff64526ad88ffe985036985b16d3ab1223bac9aefb4f4e68a5cb5683f4cc5adf42d3bad139c8f585273b5d6e87ebefa
SSDEEP: 384:mek3VcvQZaBtk2mQ4LquufMlmX4hirnmBag+S8ucdMEwvIKzjMq/XeNxhbcrdODB:meEcvQZaPk2J4hufMlmX4hirnmBx+SIk
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Drops startup file
Suspicious use of SetThreadContext