General
-
Target
a0892d0ee09eb36fba025875b72142fc
-
Size
1010KB
-
Sample
240223-2qx5tsbf41
-
MD5
a0892d0ee09eb36fba025875b72142fc
-
SHA1
5cd68df1915e072f4283410a0ca102c4f8bf3337
-
SHA256
e792f30b9a672d0542bb3c9983023938066ef1b2c40a3d01a73f15eeae5a87d6
-
SHA512
137700a35f6c555a055ac20f1c3b2f794567be89e4e0332298fa7048b77579b37f6ba948d9031ec100e70016d99b5e335ef251dbde9855c14c07df8e9674b509
-
SSDEEP
24576:8AOcZ6JC1gm0fCr2hxwHr6c14BNb3oFQYcEnVGUTB:qVm0KrMKHr6+ozo6In
Static task
static1
Behavioral task
behavioral1
Sample
a0892d0ee09eb36fba025875b72142fc.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a0892d0ee09eb36fba025875b72142fc.exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
warzonerat
45.162.228.171:26112
Targets
-
-
Target
a0892d0ee09eb36fba025875b72142fc
-
Size
1010KB
-
MD5
a0892d0ee09eb36fba025875b72142fc
-
SHA1
5cd68df1915e072f4283410a0ca102c4f8bf3337
-
SHA256
e792f30b9a672d0542bb3c9983023938066ef1b2c40a3d01a73f15eeae5a87d6
-
SHA512
137700a35f6c555a055ac20f1c3b2f794567be89e4e0332298fa7048b77579b37f6ba948d9031ec100e70016d99b5e335ef251dbde9855c14c07df8e9674b509
-
SSDEEP
24576:8AOcZ6JC1gm0fCr2hxwHr6c14BNb3oFQYcEnVGUTB:qVm0KrMKHr6+ozo6In
Score10/10-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-