warzonerat | 1704-54-0x0000000001E70000-0x0000000001FCC000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1704-54-0x0000000001E70000-0x0000000001FCC000-memory.dmp
Size

1.4MB
MD5

48bf9d4b40e87d0d15c0ebe646c2f132
SHA1

b7e4c243c85eee5743c235a31d564663e8a69f81
SHA256

9430054019624798749745d0eadefcdb56eef8f8c1e8a646a113b3ea3c07f186
SHA512

7b15510c39bfdfcaaaa06f6c8ef082e24b3bbb4e53d9ae9c6d3258bbd10ae0e2a42e2a97fcceecf6cd315a4e9f1ea8d528752de2230e0ab0b463f61e45cef17f
SSDEEP

3072:mGdnPOCJm78E2n+kizMsAhe7MrRy4YzHKxgGTmIwd:msNI8E2nKzMcMFxYzrGTZwd

Score

10^/10

rat warzonerat

Malware Config

Extracted

Family

warzonerat

C2

jeffdfehjhsda.ddns.net:5200

Signatures

Warzone RAT payload 1 IoCs

resource	yara_rule
sample	warzonerat

Warzonerat family
warzonerat

Files

1704-54-0x0000000001E70000-0x0000000001FCC000-memory.dmp
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ