General
-
Target
Company Profile.exe
-
Size
952KB
-
Sample
230403-3r92fsde6x
-
MD5
3ab24aa99a56dc74f96fb324a8223a21
-
SHA1
a65704be67f79bbcdd2f6c991ea60733273bc0b2
-
SHA256
b65180d1894153d56a13fdc5148d9aadb1e68f086ad4b97e8e4a1df2217aeb7d
-
SHA512
4b25d0744979951d55f3a4a929cd392994da55c271942310b131e1d0e90e2b70097eabcf1df30f05a363f6f7e6530d18ec77deca52a82345fc728d373c43bc0f
-
SSDEEP
6144:wXLHjcMVlqPGlVjPnBemyAjOYSfocnCzmcIBZVyF:wbHo1qjPkmlefdnrcKq
Static task
static1
Behavioral task
behavioral1
Sample
Company Profile.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Company Profile.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
46.183.222.62:5353
Targets
-
-
Target
Company Profile.exe
-
Size
952KB
-
MD5
3ab24aa99a56dc74f96fb324a8223a21
-
SHA1
a65704be67f79bbcdd2f6c991ea60733273bc0b2
-
SHA256
b65180d1894153d56a13fdc5148d9aadb1e68f086ad4b97e8e4a1df2217aeb7d
-
SHA512
4b25d0744979951d55f3a4a929cd392994da55c271942310b131e1d0e90e2b70097eabcf1df30f05a363f6f7e6530d18ec77deca52a82345fc728d373c43bc0f
-
SSDEEP
6144:wXLHjcMVlqPGlVjPnBemyAjOYSfocnCzmcIBZVyF:wbHo1qjPkmlefdnrcKq
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Modifies Windows Firewall
-
Sets DLL path for service in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Modifies WinLogon
-
Drops file in System32 directory
-