General
-
Target
Warzone-rat.rar
-
Size
23.6MB
-
Sample
230401-jabmsagf78
-
MD5
404a91c5d198834ef82f65e6ea85f710
-
SHA1
e7a7d3dc2264e9b4c2fcbc96aee1af2b175d359e
-
SHA256
58108a5be8fcc931b9473d09d255d48798c4237e616fadd664a9dca8a3a10fe1
-
SHA512
0fb7f67583ee43486b51db07032d54ce1436d852779cf203b6a0d5f082c88847cf06d94d9b73374a419f4fa9e58562e97e3a78619683a85c4bd8d3be8d457b46
-
SSDEEP
393216:CSvHwPtf84mEG8hs1knCOhlMbDAmdFNm5SRlzAc12IzdPhNxojE:5QlNmh2COAbvgSTPIIzdZNSjE
Behavioral task
behavioral1
Sample
WARZONE-RAT 3.03 Cracked.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
WARZONE-RAT 3.03 Cracked.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
warzonerat
141.98.6.154:5555
Targets
-
Target
WARZONE-RAT 3.03 Cracked.exe
-
Size
14.2MB
-
MD5
77348fe522de806874e19144787e2b2f
-
SHA1
0927972afeddf3cf11dbd23c67861c10d6f6512f
-
SHA256
dd1695b579dd1b5033d8efc69501e0c29bd324dcfb70bc4e4930a68028b7bcda
-
SHA512
7c4c7596cae42eae214e42341cb31d241bcbf7834f81df60675297e2eb06aec6f520cf33966e8a941d44e880622c8cb478e4a60b16baf2dc80dacc5b86271fe4
-
SSDEEP
393216:1knCOhlMbDAmdFNm5SRlzAc12IzdPhNxoj:12COAbvgSTPIIzdZNSj
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-