warzonerat | 4136-141-0x0000000005190000-0x00000000052EC000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4136-141-0x0000000005190000-0x00000000052EC000-memory.dmp
Size

1.4MB
MD5

d3c51491d64bfb0a3e2a0d7bea7dc2be
SHA1

a26f9368a6d04095fa7c593cebbc89f25d2e565e
SHA256

ba9048a29ddaaecd4615c5036bb87ab047eef33095cb71cde95c080f9e46c3bf
SHA512

923edf296f911c26876f98d649e7023cf0d666007c0d9ae6a4709dc1df6fd0fd37ec9156813abd0f8fb6df5e42945299f6e2a880e823db03ffadc17dbcdd97f3
SSDEEP

3072:wY6yLeO0NaOZQAf/XziJ9pvPyu3rlkdacYzH+G0OIwj:w3rA9AnziJydacYzeG0hwj

Score

10^/10

rat warzonerat

Malware Config

Extracted

Family

warzonerat

C2

ugoguy01.ddns.net:5656

Signatures

Warzone RAT payload 1 IoCs

resource	yara_rule
sample	warzonerat

Warzonerat family
warzonerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4136-141-0x0000000005190000-0x00000000052EC000-memory.dmp

Files

4136-141-0x0000000005190000-0x00000000052EC000-memory.dmp
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ