Overview

overview

10

Static

static

10

1496-1157-...ry.exe

windows7-x64

1

1496-1157-...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    1496-1157-0x0000000000400000-0x000000000055E000-memory.dmp

  • Size

    1.4MB

  • MD5

    4802cfbb06afb2af40794e292afba2bc

  • SHA1

    b0d7b51dcb9e93ec9324f5cfd9e909f3574aa7a5

  • SHA256

    66fb1d2bd337d2f54da3dd328756c688711af92aa224930bda404cc438864d4d

  • SHA512

    6ab53b3cae29fb94a227cf2c98e6510c5e3f91b313443d0dee4f7cdba1b30720866c32359064cd8d29de71ce8cd6e2e709c10950b7789586799c1d7565f8a612

  • SSDEEP

    3072:4NLOpnhTdOw9YAJOzIYU2gVl01T2ENipdDr0z5:4NLYdT97JSItl0QENqQ

Score
10/10
ratwarzonerat

Malware Config

Extracted

Family

warzonerat

C2

194.147.140.213:10011

Signatures

  • Warzone RAT payload 1 IoCs
    rat
  • Warzonerat family
    warzonerat
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1496-1157-0x0000000000400000-0x000000000055E000-memory.dmp
    .exe windows x86


    Headers

    Sections