General
-
Target
abc81ea6990888f8cd08bc836ef71176ace50c8a162dd2c52c0791f3e728728bN
-
Size
847KB
-
Sample
241023-g9d6vaxeqq
-
MD5
d187f64770eda1a23c2d343b7a129850
-
SHA1
0c83a8cae07c2c1af46ce0658bf171034cb7bbf5
-
SHA256
abc81ea6990888f8cd08bc836ef71176ace50c8a162dd2c52c0791f3e728728b
-
SHA512
56d1f9decfd4e7ebd4a4b019ffe3efe0848f560a2214573ef918e6a61ce32167014b4a040f3f89c1e41c6e045f96aa3afce9448b9625d33c63bd5a7365d003e5
-
SSDEEP
12288:5quErHF6xC9D6DmR1J98w4oknqO0CyQfg+G++AcZsFNUpPJ8PWYVEwCkAu18Wkuq:Mrl6kD68JmlojQfxr+Kq8PGwCDeGLR
Behavioral task
behavioral1
Sample
abc81ea6990888f8cd08bc836ef71176ace50c8a162dd2c52c0791f3e728728bN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
abc81ea6990888f8cd08bc836ef71176ace50c8a162dd2c52c0791f3e728728bN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
warzonerat
fada101.servehttp.com:5200
Targets
Target
abc81ea6990888f8cd08bc836ef71176ace50c8a162dd2c52c0791f3e728728bN
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-