General
Target: Lisect_AV-T_G3_308.exe
Size: 232KB
Sample: 240422-jlrhdaha68
MD5: bb5accb1bb157c951f739f0f3890b244
SHA1: fc9cf64ecd7a7eb794b478ce8e5cfbebc5954dc8
SHA256: c55c56828532ad2b3d922b0fb7eeb999c44cc3490deeccb3572e28166067be2a
SHA512: 92a15ba0ff7353b08c262505a668ecced11ea4a0dda3f96f4224fb8f6e93a17cd388dfd14ce5ffee3574bbb5868f44bc9924379a464f34763a39bbf7dc2e314d
SSDEEP: 6144:b+YD77nfv1aFxU5JOtXOgfNb6fTF4MoiwBP/DGDMDSj:bBfnfdKU5J6iATPrGS
Static task: static1
Behavioral task: behavioral1
Sample: Lisect_AV-T_G3_308.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Lisect_AV-T_G3_308.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
warzonerat
185.225.75.68:2222
Targets
Target: Lisect_AV-T_G3_308.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Executes dropped EXE
Uses the VBS compiler for execution
Suspicious use of SetThreadContext