General
- Target: 464a6ec43ac1f064d3dfe307c7dfd921.bin
- Size: 545KB
- Sample: 230402-bv5glafc4w
- MD5: 255c0ba17fa8f5d0626b67ab126ffac2
- SHA1: 74560f79c08194d930090ba5ae69907cba9cd5d7
- SHA256: 3235ff66b44e547176bd6b0ad15d0b1c831de5fb5b2fbef3bf74c7b2394ccb90
- SHA512: a5cb0de691b01242731b002b85310a9f283e57ab386c14e6010f1316b07a64d607a9c4f55a3c40da27fddfc93dbefbafbf60574257de8760e305872a09a56b22
- SSDEEP: 12288:js6nd/Z5u+lzjkLzRQLcqLwFKiF9Hqd7dkDi+jnaJqdQy2:I6Zfu+5jACLc6mqlEiUaJW2
Static task: static1

Behavioral task: behavioral1
- Sample: 189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34.exe
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: 189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted family: warzonerat
- C2: 104.223.19.96:80
Targets
- Target: 189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34.exe
- Size: 662KB
- MD5: 464a6ec43ac1f064d3dfe307c7dfd921
- SHA1: 468a543b51b6c797b668c8c442e451b1d9efe9d2
- SHA256: 189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34
- SHA512: 00e09724295dcf036ae1a70235b49cb37088b404edf61804cc31a8e2df8abcff058669620c82f679e00eec52f938c64b50eb618b361f3b82f174a333b5e77e20
- SSDEEP: 12288:NxCqHrYCPCimOMt+EqjhOClSlWDClEPjRQ1HfWW:NxCqHrYLimXWvrs8RQ1H
Score: 10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext