General
Target
64f2a6308c94b35be90cc1085538912c33956c06182756cd324f6874ae6c62f6
Size
307KB
Sample
230404-p1q32seh89
MD5
71e44db97d7e1d350965103abab9f962
SHA1
f7c5db5f8c1e383cf62c41afa49c1f2dfabe0953
SHA256
64f2a6308c94b35be90cc1085538912c33956c06182756cd324f6874ae6c62f6
SHA512
0c3c296a495ecf45c0d31d0eb02fde8061d24f2dd75bed295dab74aab3ef2126e235abbdc6a4699661dacbab51fcf7d6fc19c63098002c4b6985131b170c1be0
SSDEEP
6144:BHfqDye3NCT8yGjm04y0O12udoEUA89bNM6InMI:FiCgD4wldEnM6InMI
Static task
static1
Behavioral task
behavioral1
Sample
64f2a6308c94b35be90cc1085538912c33956c06182756cd324f6874ae6c62f6.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
64f2a6308c94b35be90cc1085538912c33956c06182756cd324f6874ae6c62f6.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
warzonerat
91.192.100.10:11011
Targets
Target
64f2a6308c94b35be90cc1085538912c33956c06182756cd324f6874ae6c62f6
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext