General
-
Target
5c72a278eea4555f1ce1035ea71fe05c.bin
-
Size
497KB
-
Sample
230401-btnsfsgd3z
-
MD5
e012fe35b4549ec0684ee1a8f9c09871
-
SHA1
39bd3e4cab7fcfecb3d2fb39cb772f1e6dea6079
-
SHA256
d8e2e07e54f87f526a35435de4b80b4b6fc5caa59d3499c4f1f01432e3fe6c5d
-
SHA512
7ebccda058897e5e7c60d21ebfa6a0a8d9fa023644813fd40a32aa87f0d5df3003f8e1e9530779c085ea888671514db084935efb10791f23fe56b328c2a6f5a5
-
SSDEEP
12288:saOmCxpAYUphC1CoqgQ1MLCPNgVRvdILQdnhYhTmEawi:sLm3YUC1CoqgQ1FPNiRuLInhqTmBwi
Static task
static1
Behavioral task
behavioral1
Sample
9d23ef1df51ca5f49d86bf9790e32a441525dadd86c3435658e51a012c51e3af.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
9d23ef1df51ca5f49d86bf9790e32a441525dadd86c3435658e51a012c51e3af.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
104.223.19.96:80
Targets
-
-
Target
9d23ef1df51ca5f49d86bf9790e32a441525dadd86c3435658e51a012c51e3af.exe
-
Size
666KB
-
MD5
5c72a278eea4555f1ce1035ea71fe05c
-
SHA1
dc54d9061b86771a60bfc0225e462fe620a2647a
-
SHA256
9d23ef1df51ca5f49d86bf9790e32a441525dadd86c3435658e51a012c51e3af
-
SHA512
453a70fb1d40d561ac578fed149defebdc3cbb21cf01dfa61365dbf88a032b073e655bb18f1a5c32f51413beffbba654cc5892b67877b6d0f65493cd54d87bad
-
SSDEEP
12288:X7n2ziKbtL8X4dRqwFtr3cCZ5yS9Tx+pMhp1YVj9J9LJNbimOMt+:TlX4dXt7csySbNhpUT9LJNbimX
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-