General
Target: 1407f0dec740aaeec061ec96604c87e50ae97d46e502e559cf1b60840df42a9e
Size: 448KB
Sample: 240417-p4s2tahe5x
MD5: 287f2c6b96eef4a1917c7509005a3c8b
SHA1: 3357e04b0183ff356ad04366232311c42c1a91fc
SHA256: 1407f0dec740aaeec061ec96604c87e50ae97d46e502e559cf1b60840df42a9e
SHA512: 36748788f22219d7d062c37f9d28c2d37aad2c5c98ad95ea3f5ef952d7cd7567e5ee19b535eb2b75c46bd65590a146fa40d01dc10ad7c816f85edca5ddff0c67
SSDEEP: 12288:irEQVEVHQC4eLVuHFXON1rZ0K6UsT/TQ6qf4WGV8V:9HQJeQHoPV6JLQTYg
Static task: static1

Behavioral task: behavioral1
  Sample: 3c6bbdfafb3857e5850e95629d00542fd40df0b0a2ede2d49b204158d3e1cea1.exe
  Resource: win7-20240215-en

Behavioral task: behavioral2
  Sample: 3c6bbdfafb3857e5850e95629d00542fd40df0b0a2ede2d49b204158d3e1cea1.exe
  Resource: win10v2004-20240412-en

Behavioral task: behavioral3
  Sample: Buffisternes.ps1
  Resource: win7-20240221-en

Behavioral task: behavioral4
  Sample: Buffisternes.ps1
  Resource: win10v2004-20240412-en
Malware Config
Extracted: warzonerat
  96.9.225.105:61861
Targets

Target: 3c6bbdfafb3857e5850e95629d00542fd40df0b0a2ede2d49b204158d3e1cea1.exe
Size: 523KB
MD5: 0b37c260284040ee0beb1549da143fb5
SHA1: 9ae52f766f75f704a28e4dd4a5fd23ba6cc1548b
SHA256: 3c6bbdfafb3857e5850e95629d00542fd40df0b0a2ede2d49b204158d3e1cea1
SHA512: 4433ba8bef7b41b70607d332a005c21472955b7d6caea68be6dfd5fdf0acdcda69fa72a121575997cc26b64db62d444d07dd386eeb2bf0cd75667ec95cf7d3ad
SSDEEP: 12288:KbNmJ8L4M58gAzcEHIksyBR3l1iAddpPW7rCMtvXpnh:We8L4MPAzfHBR3lkCcrCWXJh
Score: 10/10

- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: Buffisternes.Muj
Size: 60KB
MD5: 536404b62f83ffc1c1ab96b8702ac936
SHA1: e3fcddb4a59854532c9628fb842a89e44600d4df
SHA256: 2257be627271ea9c32361cfcdb142ccb3b807d841dbfc04c08356cd1d8336600
SHA512: 5e4f55571925250785b7674552960883841caf0ae0949a788d3afaf38494aab49f3838eb2f17a6138f4131ffd9f995a153d1676fc382734fde2b83d43d94663d
SSDEEP: 768:XRG7q21ttLI7+7VD+oVBbRSI2K4bdIhyjxmFlcikC5pV5tZNN8WUM00WjCi/IDeQ:XRG7q2bt0KJD+obmBIhSqLL3NvGbnt2x
Score: 8/10

- Modifies Installed Components in the registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.