General
Target: 07827fcf9f6fc7bbd718ff90bf7355a1e474b04c91542dec380704082aeb9bdc
Size: 304KB
Sample: 240417-r6gsnscg67
MD5: a588ebf0f2b2366d6e7be198dce075f9
SHA1: cea97a6ddcd5b4f161a9ff85cb7f90b36deb4d7a
SHA256: 07827fcf9f6fc7bbd718ff90bf7355a1e474b04c91542dec380704082aeb9bdc
SHA512: a199710b4d6c6a8478ce4011b9047d90fb2717b539844bae07ef121c22d92e4f847edcbfdca0ce5b6ccdeb7e6e31fafdd83893abb6735ab5426494a02832f526
SSDEEP: 6144:KP1ntTL3ayTj7FEkwooGvhpps10DE0odGv+6kIeOofIHRdCkUO5m9H:KtnBL3gxGpzsmgH4TgI+W4H
Static task: static1
Behavioral task: behavioral1
Sample: 1228d2a5da0c294501e973a3de592eedca074276969cc53327edd667f08af002.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1228d2a5da0c294501e973a3de592eedca074276969cc53327edd667f08af002.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
warzonerat
217.151.98.163:6093
Targets
Target: 1228d2a5da0c294501e973a3de592eedca074276969cc53327edd667f08af002.exe
Size: 651KB
MD5: 215834852a24fdc3fb3004d8809cd805
SHA1: 02780d6f70a25456a6a9f9a9e08167bc3be29cf9
SHA256: 1228d2a5da0c294501e973a3de592eedca074276969cc53327edd667f08af002
SHA512: 90e8da6ca26cdf498503e6ea06857d53b301f396d5b35784f223f9f0dc76b3ef745be60c679511e9f2b5a3fb892938a797661e84e5982433e7bfe44becdd2274
SSDEEP: 12288:5+CxtTAOGGwFfM8nYw8tQbE3AkwoxZqqt:57xGGk38abH
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Adds Run key to start application
Suspicious use of SetThreadContext