warzonerat | 3004-28-0x00000000001E0000-0x00000000001FD000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3004-28-0x00000000001E0000-0x00000000001FD000-memory.dmp
Size

116KB
MD5

61819c0e45d472862db7c5f3cf2e019c
SHA1

fbbe88c034b9db8e01843cb4d411bca231ad4de0
SHA256

39a82f0fcf11790a08f324d6707805463352b692d5338db440a6a63830d94938
SHA512

2b90f9d17fcbe785f5621d2323bea7c6b1ea154a531d6428039ff25632555af9eec87f2a4e9db5ba3742eb28c70bb50295306d1faacc195ae03a6bce272d34e2
SSDEEP

1536:jaU0fyWZ92OcM7Axfov6cylw7xeHk0RVyiPDLZ1jVEy7:G3ZZ92Ol/olw7xkkyVyiPD3jVE8

Score

10^/10

rat warzonerat

Malware Config

Extracted

Family

warzonerat

C2

wealth.warzonedns.com:5202

Signatures

Warzone RAT payload 1 IoCs

resource	yara_rule
sample	warzonerat

Warzonerat family
warzonerat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3004-28-0x00000000001E0000-0x00000000001FD000-memory.dmp

Files

3004-28-0x00000000001E0000-0x00000000001FD000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ