General
-
Target
a1805c0d9f859351a93a34dcce491579
-
Size
255KB
-
Sample
240224-lbxyhsff52
-
MD5
a1805c0d9f859351a93a34dcce491579
-
SHA1
edf4dc30905cd257391913cc3bb9d1fbfcba8eb5
-
SHA256
efd79f15e2745fd167c1f507241d83bf0052026c29252a06d6dafa2f004c3fbd
-
SHA512
2fdb90903c5d3c1853ae89dc739afeedc84e0ff1d6f980357fdfcbf29ef6ea78c22cf261dc7ac45cb9e8e76653029d982dd5bc34b04631c68c256b5d6478de2d
-
SSDEEP
6144:JRu66bNPQm1N4WhtGPWebgT3qxjj4Ua2+1EruWB0i4H:X6NJoWebeq58bQ
Static task
static1
Behavioral task
behavioral1
Sample
a1805c0d9f859351a93a34dcce491579.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a1805c0d9f859351a93a34dcce491579.exe
Resource
win10v2004-20240221-en
Malware Config
Extracted
warzonerat
nan.ydns.eu:5200
Targets
-
-
Target
a1805c0d9f859351a93a34dcce491579
-
Score
10/10
-
Detects BazaLoader malware
BazaLoader is a trojan that transmits logs to the Command and Control (C2) server, encoding them in BASE64 format through GET requests.
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-