General
-
Target
ea2ddf396c797d8883fe1c7af0a0bcd76d9b3d5e3b18e257c48ca1e639e945c9
-
Size
645KB
-
Sample
240417-rsdh4add21
-
MD5
d58a81f9424dbc04209d7e4bbcadd2ac
-
SHA1
ffd084bff4fa3ce5f18cf5af987b4cf6c299d872
-
SHA256
ea2ddf396c797d8883fe1c7af0a0bcd76d9b3d5e3b18e257c48ca1e639e945c9
-
SHA512
7f26f74f966981cff66dc70e0a08e7035f6bb1c4281635a716f7c780b74f4d074f49f275b6ebca83067e08818a227bb4e486db1667e5a6c69a410f935d0968e4
-
SSDEEP
12288:WgOnjKOhKLTH7dbMO2niohqVcpQ1QF1j3iQqq7:WgOjN+bOtni9k1f
Malware Config
Extracted
warzonerat
makatti.duckdns.org:3787
Targets
-
-
Target
bc7a00a440550e0b93368e5d1524e9b5a46177f26518803d85268d9d7a1cca8a.exe
-
Size
870KB
-
MD5
0c74bc9529b8d9f96fc7e1b47559abd1
-
SHA1
232bb8f072131d66e317b1f8acb1371e999447cb
-
SHA256
bc7a00a440550e0b93368e5d1524e9b5a46177f26518803d85268d9d7a1cca8a
-
SHA512
0ceb0b9eb1923c748b5d30281a023a0fcb407f68e8e9b3d63b289ea96770215ebd7801bd5744beba234319bef2494bfc211b1cab5bd9ac65a34fa36a6f9d54eb
-
SSDEEP
24576:B44dBZcMzXROOhbXxHZCnkgDAN1jtyhfz87brh8:zdBZNzXROUtHZKu1+fz87h
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-