General
Target: a2b1b650ec3ce938cbf1b57de79cab94
Size: 844KB
Sample: 240224-zdjqkaeg5v
MD5: a2b1b650ec3ce938cbf1b57de79cab94
SHA1: 42ed2e9fc7ea24580f35ac622119659e711ddabf
SHA256: f789781fe8f3fd19531820c67aae59ad2b4b66090708478301fb07179bb20470
SHA512: cfbbcd2047a69641ac3a820edc5d8cce7c397639ceda3bfb45a4197a6059f0a6793d9f4fcd71344100bebe2a2b383c732a9a1cecda2f9448c22d903afa2dc5c2
SSDEEP: 12288:xua1ZeT4MX0aiaYtrHql+otuZWkma09b1ltQgxVHnN:ICZk4BHqlPuI+CHGgVHN
Static task: static1
Behavioral task: behavioral1
Sample: a2b1b650ec3ce938cbf1b57de79cab94.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a2b1b650ec3ce938cbf1b57de79cab94.exe
Resource: win10v2004-20240221-en
Malware Config
Extracted
warzonerat
185.157.161.69:9494
Targets
Target: a2b1b650ec3ce938cbf1b57de79cab94
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT payload
Suspicious use of SetThreadContext