General
Target: a5e1427e2f611e0515ec99807fa7b834
Size: 791KB
Sample: 240226-j92m9aha87
MD5: a5e1427e2f611e0515ec99807fa7b834
SHA1: dd5f391aee202ac68946e228b2100c71c5fbd6fd
SHA256: d1b4cda598b802db11e479ca1e796fdec405955ea2fa83f47458711204249a2f
SHA512: 7cfc6c16bf4ba119087c1bf187fa57a69eb87e0709fc20bd3a84a56d757313da9a51d821b0b6d82b0144cc5194e6a228ac3a2a51b62fb1458cdcff990f19e9fe
SSDEEP: 12288:KTBD8U/hOk0EB1XVkLiMZ5AbtRztk1KGl010fMB9Igu9j:7A75XIb5AbtR3G5fMB9C9
Static task: static1
Behavioral task: behavioral1
Sample: a5e1427e2f611e0515ec99807fa7b834.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a5e1427e2f611e0515ec99807fa7b834.exe
Resource: win10v2004-20240221-en
Malware Config
Extracted
warzonerat
ugob.ddns.net:5200
Targets
Target: a5e1427e2f611e0515ec99807fa7b834
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Suspicious use of SetThreadContext