General
-
Target
bf8139f305047b8c4701c1726da13853.exe
-
Size
1.1MB
-
Sample
230406-fkn43sbd84
-
MD5
bf8139f305047b8c4701c1726da13853
-
SHA1
8d195fe1d8d2ab3d6fe1ab6dbc8118b3c0553ad9
-
SHA256
7dcf97cdae0ecebf21b3dbf14f91282c41464f410bede69f93af87f1e583877f
-
SHA512
fc749444abdb8dc2b55b42545c47c4beb7c202642841460ca185441606222e0fa93245a502502c288c7defe241309eb6ffbf327b1c54d1e8ee50cfa2fe31d0be
-
SSDEEP
24576:vXLM12zVZ97VDuw/rqdIXiKvHA92w43wkVg6GiPcN:vYAR37UYqdzKvG2wwRg7iG
Malware Config
Extracted
warzonerat
194.147.140.188:7231
Targets
-
-
Target
bf8139f305047b8c4701c1726da13853.exe
-
Size
1.1MB
-
MD5
bf8139f305047b8c4701c1726da13853
-
SHA1
8d195fe1d8d2ab3d6fe1ab6dbc8118b3c0553ad9
-
SHA256
7dcf97cdae0ecebf21b3dbf14f91282c41464f410bede69f93af87f1e583877f
-
SHA512
fc749444abdb8dc2b55b42545c47c4beb7c202642841460ca185441606222e0fa93245a502502c288c7defe241309eb6ffbf327b1c54d1e8ee50cfa2fe31d0be
-
SSDEEP
24576:vXLM12zVZ97VDuw/rqdIXiKvHA92w43wkVg6GiPcN:vYAR37UYqdzKvG2wwRg7iG
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-