General
Target
9865e960e55907838a0e658e14ef1c70e91583cbe80da963f874df74022eb2bd
Size
516KB
Sample
240417-r3j4mace66
MD5
dc068058ff7d280c16b19b299aff0000
SHA1
c45a1903dd331027cdbfb0344ce9549cfaa972d6
SHA256
9865e960e55907838a0e658e14ef1c70e91583cbe80da963f874df74022eb2bd
SHA512
eda19efce7b28787839afdaa46d36589dc5a75fed13b19699ba555fa15a1e0179a4feeb445bf7bf5aa26d2e0b630fb2df6b9b2299d8e07d15f13cb767ffa1f20
SSDEEP
12288:0OFnEXhLDiC51UwPUpiHhpBIDf5tHwHHVzv55HhwCNQcbqi2cl6:0OFE5AiHXB25tHwVzv/Bb2Eqi2Z
Static task
static1
Behavioral task
behavioral1
Sample
13a1de911837a6848b57e4e794892372e0d19339448f9075958e21c1071cf310.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
13a1de911837a6848b57e4e794892372e0d19339448f9075958e21c1071cf310.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
warzonerat
173.249.202.75:5200
Targets
Target
13a1de911837a6848b57e4e794892372e0d19339448f9075958e21c1071cf310.exe
Size
532KB
MD5
bac1beef11c340ae6632b50d2ce1fb80
SHA1
eed74625db691bb0d498afec7b5b376e83bf5ff1
SHA256
13a1de911837a6848b57e4e794892372e0d19339448f9075958e21c1071cf310
SHA512
1486f2cf857b0f2dbd4717adebe266b86d8efd0d5554751349606d51844bb77e59d85dda5246c414902d2029ef5d6c895ac417fd7d47556978f7f3fd063ac8b6
SSDEEP
12288:XePFLVoq3FMItDhVug2npXPCqCAVzDU17u+vpBze+kkNSLy5eZ870W:XePRVoMFMIt/+FxM7le+3NJi
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext