General
-
Target
b74618879b5e2ea0e13c8d0e992678bc.exe
-
Size
739KB
-
Sample
230405-hajgyseb7z
-
MD5
b74618879b5e2ea0e13c8d0e992678bc
-
SHA1
fc5d28f298c64362ffb3694ab86230a9d445b0a8
-
SHA256
329eb61b873a6a841137f7636308eeea8b0be51615660fb8ec8ada0ffdeaec52
-
SHA512
1c8ef059b4398301624db7709175db06b3af33116f19cb5c3c6c6c8dd1b3ed7657f401b0357274ccc3c23885274a6221a40d446958a2d27990493d394c33a7b4
-
SSDEEP
6144:xKPFSPmwoU4u97LyvqwVzphpJS4hgXoa76Cn5TVM0DKDjYTHo9wdbJ4hkGF:xKPFSPmD8LyywVzpFzhlUTGbgTHcwTg
Static task
static1
Behavioral task
behavioral1
Sample
b74618879b5e2ea0e13c8d0e992678bc.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
b74618879b5e2ea0e13c8d0e992678bc.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
185.29.9.38:3456
Targets
-
Target
b74618879b5e2ea0e13c8d0e992678bc.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-