General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.27096.4512.exe
-
Size
534KB
-
Sample
240213-h8c3tscc3y
-
MD5
16cd177899279d5d2d27443286ccc41b
-
SHA1
91c1ee553aa8ac4cd24ef5800c6ac12da7becdee
-
SHA256
3e4da5132877e955fb455e58e300b56033c07a6d2709b386fdc5c43a88e1c499
-
SHA512
d1175ab4e807d9950f58b92663cf905413f6c73c5b5c3edf118ae9ae24455e20ed815169b6c279096fd0d7527784713300d66a4a77202b86b1a74c46d08b58c4
-
SSDEEP
12288:NhxeQ5vzivb4wd+czsvcw0rciBgZzZzw288So7y:Nhxriz4wd+xclubszo
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.27096.4512.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.27096.4512.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
warzonerat
makatti.duckdns.org:3787
Targets
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-