General
-
Target
8f56eda04533b9b130e28f031cba40f5
-
Size
236KB
-
Sample
240204-reeh8sdehk
-
MD5
8f56eda04533b9b130e28f031cba40f5
-
SHA1
4d07eec4700275447f6e8269247b130f49d74ea8
-
SHA256
decca35b90665b5cab7953d654aa934b485899c4df797fe3257f5f914198076f
-
SHA512
832d6958b7c02261d8f309a6ef40044b70b926824ce96f76e43c42794e4f25f90610252895173c3b42a2c3f9f7b52f0c9433862519b2f923c60c18cd313bccd2
-
SSDEEP
3072:FWUYAlmXkJr4Dul8kZyLA93qlUD2mvwV6bFcHSRoodGv8Z36CxVYwwBJ785v7W80:psBi17NCFYp3rtHmqbK65G
Static task
static1
Behavioral task
behavioral1
Sample
8f56eda04533b9b130e28f031cba40f5.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8f56eda04533b9b130e28f031cba40f5.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
warzonerat
185.140.53.41:2104
Targets
-
-
Target
8f56eda04533b9b130e28f031cba40f5
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Suspicious use of SetThreadContext
-