General
Target
a5698ac5a65e6c1065c76a5d91096a15cb72711969f91bdedaac5baccc533504
Size
359KB
Sample
240417-sanrsaee7t
Static task
static1
Behavioral task
behavioral1
Sample
31b26582627d2978052cdce87ae338c2e78a029f7676365e1583c05528afada0.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
31b26582627d2978052cdce87ae338c2e78a029f7676365e1583c05528afada0.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
warzonerat
boldwold.home.kg:5208
Targets
Target
31b26582627d2978052cdce87ae338c2e78a029f7676365e1583c05528afada0.exe
Size
424KB
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext