General
-
Target
ec97fe2ca09d875ceab1a42580d4817aad2a6ecfea52586454cbc782fb74d5e4.vbs
-
Size
804KB
-
Sample
241113-xkdrsaxfnk
-
MD5
6a3f1d0a26574f5c1e2d0118ae1ec4aa
-
SHA1
c2e31c5426f0cb98ab8f8cf2e9f3eec95366476c
-
SHA256
ec97fe2ca09d875ceab1a42580d4817aad2a6ecfea52586454cbc782fb74d5e4
-
SHA512
49496b5d797700c638cf750eaa3ff6a8e54ec52e864a074f2bb31fbcf607d18f04169c16e058b18cfe09273a81e33e37112a0735ca1d042d62cfdaa54481f58e
-
SSDEEP
24576:pLybbSfsKK4LPzHYjtY5eDHex4AH0sTfaKJVmcO/dh5Z2xMsoqUaCSG:a
Static task
static1
Behavioral task
behavioral1
Sample
ec97fe2ca09d875ceab1a42580d4817aad2a6ecfea52586454cbc782fb74d5e4.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ec97fe2ca09d875ceab1a42580d4817aad2a6ecfea52586454cbc782fb74d5e4.vbs
Resource
win10v2004-20241007-en
Malware Config
Extracted
warzonerat
193.161.193.99:43544
Targets
-
-
Target
ec97fe2ca09d875ceab1a42580d4817aad2a6ecfea52586454cbc782fb74d5e4.vbs
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzonerat family
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-