General
-
Target
59dc7fff61938536be577f4f4bffccd30490bc65f63438b3f5a9fb3de94aaa64
-
Size
582KB
-
Sample
240417-rs1nmadd7v
-
MD5
a5e8c4e210fcd2ac111fae7e3f9f5f37
-
SHA1
2150a4fd2f26a6c6c6203bafc0ba46d5221e91da
-
SHA256
59dc7fff61938536be577f4f4bffccd30490bc65f63438b3f5a9fb3de94aaa64
-
SHA512
bc34be3aee7d64c43bee1db4bbe4cd0e226a20bd1be86c1c4179e84e1e5f842b8f96b19e4821deb62039ba4c393853695a96e4349631df4d8df8954cb900cdc0
-
SSDEEP
12288:pNLMVw+9HvxC+d9cjctE4lwcLEw44/HXU/R1BzRGaK50teamUi/o1:3MV1bvUcJfUvBzvHtA5E
Static task
static1
Behavioral task
behavioral1
Sample
de492c6384df2afd8c36f3f8ca910d93a21a2981b3c3a80e8a858d643122d488.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
de492c6384df2afd8c36f3f8ca910d93a21a2981b3c3a80e8a858d643122d488.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
warzonerat
38.255.33.106:7896
Targets
-
-
Target
de492c6384df2afd8c36f3f8ca910d93a21a2981b3c3a80e8a858d643122d488.exe
-
Size
753KB
-
MD5
4df59dea2cef6c233168b355086bec84
-
SHA1
38ea6d2ec93f3af7b029e4e0815cfbed1a86f67b
-
SHA256
de492c6384df2afd8c36f3f8ca910d93a21a2981b3c3a80e8a858d643122d488
-
SHA512
633b1e5dcb30e9b5e68d5d5c12949e88f425f8b4a74961a1a6adbd42f6cedf4fed43edcf0983490b4d657841dbc994f0db4b0ddecc15beaa0eeb67750eb9a2b1
-
SSDEEP
12288:BuIjUxr/RIZBpCrAaXYykD9c3hWVefuiqzuBHofwjKUO6/My2et:BuIjUxjRIZBpGIr9cxWVquiqzuJTKUT1
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-