General
Target
7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc.exe
Size
411KB
Sample
230405-gtrf8sea9t
MD5
3e4a6a626a6ec6287959069f5d4a23f8
SHA1
3199154897383ac6bae446940e79e65b0fa79253
SHA256
7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc4166cd283b8ad679faf
SHA512
11ed74559043e250c998b0c30e0f97f7f30b1648eb3fc68937a25415901bd2bf77d1dae8f1b7fd5e38238615b992734f3a4897c5c1f849a6edf923ff946a726e
SSDEEP
12288:cHQdkTZcKDn+GmLIkfWYebn7zqFE7SGUQQoJLzPp4FrSmSA:FdkTZcKDn+GmGaI9QMzPc
Static task
static1
Behavioral task
behavioral1
Sample
7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
5.161.206.28:5200
Targets
Target
7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext