General
Target: 9af8cbd4d4708cff3109958c0f221756092d319cbdb58d8db5d6d895f0e54a8c
Size: 307KB
Sample: 230404-qca8csgh81
MD5: b63c0ec749420c510fbfa0ed2fc2662a
SHA1: a1b18fc9c8357f1ee8f4a7c0a93d49143d929d8c
SHA256: 9af8cbd4d4708cff3109958c0f221756092d319cbdb58d8db5d6d895f0e54a8c
SHA512: 7c1fed12134e26485606cdc2a9e931fd5483e0f4319ca39d5dfd1d0acce199c9f351c4956dc37e16384ae38dda34ade3d62b7adddf972fc3150c903744e11e1b
SSDEEP: 6144:wNVUkSAShsp24oFFs7E0CT8y0O12udoEUA+bCfY/N2I:lRspSjsox4wldEKfY/N2I
Static task: static1
Behavioral task: behavioral1
Sample: 9af8cbd4d4708cff3109958c0f221756092d319cbdb58d8db5d6d895f0e54a8c.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 9af8cbd4d4708cff3109958c0f221756092d319cbdb58d8db5d6d895f0e54a8c.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
91.192.100.15:11011
Targets
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Adds Run key to start application
Suspicious use of SetThreadContext