General
Target: Leintz PO-2023-04-03.exe
Size: 687KB
Sample: 230403-m4jr2aff8x
MD5: e588266d7f1c8f4e397bae4cdcf2710d
SHA1: 5e1a9233b25485885a61bb2dc5f897cbf761250a
SHA256: 653acedbfd1cc43d370d69f63265a58ac180689929c376ffa72fa0d3410b4cca
SHA512: 5e209d2dd3c4777d531d4b34ca433655af9e15e64a268f93be58f2abc9c1cbae265ca016e4e01a8370697d837f7d5c765356f6531e2356410fe82c22c604bef7
SSDEEP: 12288:R5CBWKdq1FbwwJLwr5xhReyeAhyTk4oIiYDfXtsPWrrnBeKFN+8tV9oJ:CfrpNle0yQgDXtaWrLBeKFNRt8J
Static task: static1
Behavioral task: behavioral1 (Sample: Leintz PO-2023-04-03.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Leintz PO-2023-04-03.exe; Resource: win10v2004-20230220-en)
Malware Config
Extracted: warzonerat
warzonerat host:port: 84.38.133.217:5888
Targets
Target: Leintz PO-2023-04-03.exe (687KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- WarzoneRat, AveMaria: Warzone RAT (also sold as AveMaria) is a native Windows RAT written in C++, offered as malware-as-a-service with multiple plugins.
- Warzone RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence)
- Suspicious use of SetThreadContext (typical of process hollowing / thread-context injection)
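The report above is only useful once its indicators leave the page and reach a blocklist or a hunt. The following is an added example, not part of the sandbox report and not the sandbox's own code: it parses the flattened "Key / value / -" layout used above into structured IOCs, sanity-checks that the hashes are well-formed (truncated hashes are a common copy/paste failure), lets you compute the same digests for a local file to confirm it is the reported sample, and matches the hash, the extracted warzonerat host:port and the Run-key persistence signature against a few constructed telemetry events. The event dict shapes and the telemetry values are assumptions made for this example.

```python
"""Added example (not part of the sandbox report): parse the report's
flattened key/value layout into IOCs, validate them and match them
against constructed telemetry."""
import hashlib
import re

# Excerpt of the report in its flattened layout. The indicator values
# are the ones printed on the page; the excerpt is constructed here.
REPORT_TEXT = """General
-
Target
Leintz PO-2023-04-03.exe
-
Size
687KB
-
MD5
e588266d7f1c8f4e397bae4cdcf2710d
-
SHA1
5e1a9233b25485885a61bb2dc5f897cbf761250a
-
SHA256
653acedbfd1cc43d370d69f63265a58ac180689929c376ffa72fa0d3410b4cca
-
Malware Config
Extracted
warzonerat
84.38.133.217:5888
"""

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SCALAR_KEYS = {"Target", "Size", "Sample", "SSDEEP"} | set(HASH_LENGTHS)
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_report(text):
    """A known key line is followed by its value on the next line; the
    line after the family name 'warzonerat' is the extracted host:port,
    stored as ('ip', port) under 'c2'. First occurrence of a key wins, so
    a repeated Targets block cannot overwrite the General block."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    iocs = {}
    for i in range(len(lines) - 1):
        key, value = lines[i], lines[i + 1]
        if key in SCALAR_KEYS and key not in iocs:
            iocs[key] = value
        elif key == "warzonerat" and "c2" not in iocs:
            m = C2_RE.match(value)
            if m:
                iocs["family"] = key
                iocs["c2"] = (m.group(1), int(m.group(2)))
    return iocs


def validate_hashes(iocs):
    """Names of hash fields that are not lowercase hex of the expected
    length (catches truncated or mis-pasted values before blocklisting)."""
    return [name for name, length in HASH_LENGTHS.items()
            if name in iocs and not re.fullmatch(r"[0-9a-f]{%d}" % length, iocs[name])]


def hashes_of(data):
    """Same digests the report lists, for checking a local file's bytes
    against the reported values."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest(),
            "SHA512": hashlib.sha512(data).hexdigest()}


def match_events(iocs, events):
    """(index, reason) for each event that hits an indicator. Hash and
    host:port hits are sample-specific; the Run-key check only mirrors the
    behavioural signature and fires on benign installers too."""
    known_hashes = {iocs[k].lower() for k in HASH_LENGTHS if k in iocs}
    hits = []
    for i, ev in enumerate(events):
        if ev["type"] == "process" and ev.get("sha256", "").lower() in known_hashes:
            hits.append((i, "hash matches reported sample"))
        elif ev["type"] == "network" and (ev["dst_ip"], ev["dst_port"]) == iocs.get("c2"):
            hits.append((i, "connection to extracted warzonerat host:port"))
        elif ev["type"] == "registry" and "\\currentversion\\run" in ev["key"].lower():
            hits.append((i, "Run-key persistence (behavioural, not sample-specific)"))
    return hits


# Constructed telemetry for the example, not taken from the report.
SAMPLE_EVENTS = [
    {"type": "process", "image": "Leintz PO-2023-04-03.exe",
     "sha256": "653ACEDBFD1CC43D370D69F63265A58AC180689929C376FFA72FA0D3410B4CCA"},
    {"type": "network", "dst_ip": "84.38.133.217", "dst_port": 5888},
    {"type": "network", "dst_ip": "84.38.133.217", "dst_port": 443},  # same host, other port: no hit
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    iocs = parse_report(REPORT_TEXT)
    print("malformed hashes:", validate_hashes(iocs))
    for idx, why in match_events(iocs, SAMPLE_EVENTS):
        print(idx, why)
```

The host:port match is exact on purpose: a hit on the IP alone is weaker evidence, since the same address can host unrelated services, so widen it deliberately rather than by default. Hash comparison is case-insensitive because EDR and sandbox exports disagree on case.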