General
-
Target
Yeni sipari_WJO-001.exe
-
Size
470KB
-
Sample
230804-whnnjadd72
-
MD5
fe24503eb81fabf579481d5054b74753
-
SHA1
f279d3f02a1aed9da188e8bfcb41c3a0bd43fba1
-
SHA256
404a176d0455a3e99b16c589caf58fcfec84d453d8ff0984222ecbc4ad0fefb1
-
SHA512
b9a3f0ff9c4966296fc27be9d4dc2c0373dbd68884eb842d02615ccb24b868bc9edf61becc54f1625fc7799e4b370a833cb39352709de1c5ec9f762d93f26231
-
SSDEEP
6144:ZTvIrqin80B3jwt05tBFGVEeOPPapTlg81t2/ceUwEt+O7rbeqE612J93Bj:oqix9wt0tNeOPwTlNt2/cKfu+q
Static task
static1
Behavioral task
behavioral1
Sample
Yeni sipari_WJO-001.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Yeni sipari_WJO-001.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
warzonerat
79.134.225.90:9757
Targets
-
-
Target
Yeni sipari_WJO-001.exe
-
Size
470KB
-
MD5
fe24503eb81fabf579481d5054b74753
-
SHA1
f279d3f02a1aed9da188e8bfcb41c3a0bd43fba1
-
SHA256
404a176d0455a3e99b16c589caf58fcfec84d453d8ff0984222ecbc4ad0fefb1
-
SHA512
b9a3f0ff9c4966296fc27be9d4dc2c0373dbd68884eb842d02615ccb24b868bc9edf61becc54f1625fc7799e4b370a833cb39352709de1c5ec9f762d93f26231
-
SSDEEP
6144:ZTvIrqin80B3jwt05tBFGVEeOPPapTlg81t2/ceUwEt+O7rbeqE612J93Bj:oqix9wt0tNeOPwTlNt2/cKfu+q
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-