General
Target: 97fb00006246e0f21756ef9724201daaa64e1111be1aa8a62eb23ec81240f154
Size: 582KB
Sample: 240417-rszrbsdd7s
MD5: 2fda0de7be82b320e996e0fe2773c4bc
SHA1: 5c6c84a4bbc7460c9c33272bc7a0d1a58499c217
SHA256: 97fb00006246e0f21756ef9724201daaa64e1111be1aa8a62eb23ec81240f154
SHA512: 82544e154f8f98256dc49cbb4152fe3715aef47d1988a122a80a8747c96c89ac5ee262f47cbfe63f8b11bc026219e9edcc6c330b97cba9ad83a478f43933707d
SSDEEP: 12288:0V3fK/nbT+8LZJjQOleUT0kDKj7zHaWTYk9BLTyYKk:0VyTTNLZJjQOgUT0km/pYkD/yYB
Static task: static1
Behavioral task: behavioral1
Sample: 0246d4eb99473ba449b98548167d0767b68b075749a8962d0573851f505689b5.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0246d4eb99473ba449b98548167d0767b68b075749a8962d0573851f505689b5.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
warzonerat
38.255.33.106:7896
Targets
Target: 0246d4eb99473ba449b98548167d0767b68b075749a8962d0573851f505689b5.exe
Size: 847KB
MD5: 08b6a2749172417cbaa1a010639329c3
SHA1: 6590a1646329161ee305abb2700e1d09d8b52faa
SHA256: 0246d4eb99473ba449b98548167d0767b68b075749a8962d0573851f505689b5
SHA512: 4482704e3fe0ccd16f877b6345cd40d1f4f058df2f88b5f18510f8ba998b9f198763826daef15020cd602e4474344af1f5a86f64a6f304ff975395396f778d1c
SSDEEP: 24576:WuU/YJIS5ypFpGIr9cxGDF28CJXtfI7Khk9bSJzFzbhx:QGIr3vCJXtsKhkG9Nx
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).

Warzone RAT payload

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Suspicious use of SetThreadContext