warzonerat | 472-65-0x0000000000400000-0x000000000055C000-memory[.]dmp | Triage

Sharing

General

Target

472-65-0x0000000000400000-0x000000000055C000-memory.dmp
Size

1.4MB
MD5

034caf9ac1f2601051e1bbf77b232819
SHA1

8f04e380d18f586cb5d7db3c5e8e25b84393a52a
SHA256

e1bfce4278de93855b461775311d43dd52d2113dd0610d12bb76da508416f601
SHA512

1f80f7858ef81775349715c4d04bfe7b30da4b2577936b63d82785432f4bb406b18ab6c9684f56aefd829977cfdddc98f2a0c1ab0134258fbcd1ea400df4ddbc
SSDEEP

3072:2k4aHUBOO36YplMqBB3ZcPxlG+bBsDHqYzHKG0:2dx3wqz3ZcDeDKYzqG0

Score

10^/10

rat warzonerat

Malware Config

Signatures

Warzone RAT payload 1 IoCs

resource	yara_rule
sample	warzonerat

Warzonerat family
warzonerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
472-65-0x0000000000400000-0x000000000055C000-memory.dmp

Files

472-65-0x0000000000400000-0x000000000055C000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ