General
Target
a33967b25289fff0c0978686fa27ae823e3ac86684d52afb1a1ad1b732045249
Size
1.1MB
Sample
240226-1mh13ahc9z
MD5
5ccd86fc97c9a218f4d4deaf40474fe8
SHA1
5ab5d8f5eedd6bec3c970ed1220c2d93ff9da802
SHA256
a33967b25289fff0c0978686fa27ae823e3ac86684d52afb1a1ad1b732045249
SHA512
355fa936bfcb1f3cf8192e6179dac7870fff098217d2a5f10a07cb4c3448644c6b7678d6ddb81af3b25b96308072f43c814433bb7689136fb7683e9220a99dce
SSDEEP
24576:B389mI12NKtXeoGwtu16bTg98qVl7s1wxNvFUtTNiHZP6iv:B3EmI1CKl2wtAl9mwWtcyu
Static task
static1
Behavioral task
behavioral1
Sample
a33967b25289fff0c0978686fa27ae823e3ac86684d52afb1a1ad1b732045249.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a33967b25289fff0c0978686fa27ae823e3ac86684d52afb1a1ad1b732045249.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
warzonerat
146.70.76.43:43206
Targets
Score
10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables embedding command execution via IExecuteCommand COM object

Warzone RAT payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext