General
-
Target
tmp
-
Size
371KB
-
Sample
230402-htjbasfb44
-
MD5
bddc4de227367c9c62d09664b29fc40b
-
SHA1
618d7ac1e3f63762e5f8e24d48f84f35d46295c5
-
SHA256
66d6fed53bcf671c54f9cb96fdd781a52a7cbef3c85f9d2942de89ccd4f49bf7
-
SHA512
8761b08db5b26c2395a033f0f9dab0de3f3a52b0045f157a60b8e9053c899302d27c1d1ee00cb3807818a82831e6954f54c34c92b02fe6996aa2e801b2e69685
-
SSDEEP
6144:FoeJqfPFq18M+8KUtVp8By6DfrA9weQ9uIHMGUqQ36DrKKaLQtbxpNu2BhLw8G+:aeEV0rtVqA6TrA6owQrQtbxfu61
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
5.161.206.28:5200
Targets
-
-
Target
tmp
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-