General
Target: Swift_050423.exe
Size: 555KB
Sample: 230406-g92bdabg54
MD5: a03b30547f73dd956ebe0eac2361a977
SHA1: c71273f0a6909aa30a783f922215ad1efd617d9a
SHA256: a565630d44c3226052705000037a19cb45da97fc52f4b2a8ade6624075b1afe3
SHA512: 6fc27f631a3ec227d5073134a8ebf6e941093b2e976e7eab6ed1a8582ef6196c0f2378f367f4e1489964a4649530bbf49402e062094a51d62124c2f0545a4c7a
SSDEEP: 12288:YrZl+R69JQH2/VzQRYyVrMY+N4Iwh06wuII64ax:YlG6TQuvyd+N7wh06ZIIhax
Static task: static1
Behavioral task: behavioral1 (Sample: Swift_050423.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Swift_050423.exe; Resource: win10v2004-20230220-en)
Malware Config
Extracted: warzonerat
37.0.14.201:5888
Targets
Target: Swift_050423.exe (555KB; hashes as listed under General)
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext