General
Target: PO-46564343.exe
Size: 3.4MB
Sample: 240423-tgye8shg27
MD5: b2c650f3a8e5745c8a832b2a0b18a399
SHA1: 39140b79507c5af0b91ef864129ae3598373e061
SHA256: 6f68da459050effdc1e643ec81bec63c3860f0ea1c333a1cd451c11c8c08856c
SHA512: 3116c1d3c5f1106ea7324157d72ff150e9858a2777b7677802c283a9ab92c3add533fcb4c5d0fbde24cabdf7cd8b9e5b509f4ae1aa8f5bd694e07ad0f6e54c1c
SSDEEP: 49152:qYQ9p/TMILu3UAJvYIJ7PBJw47zvqgFQmUn3ZhNr:Kpg63Zr
Static task: static1
Behavioral task: behavioral1
Sample: PO-46564343.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: PO-46564343.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
warzonerat
107.173.4.16:5200
Targets
Target: PO-46564343.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext