General
- Target: 83dd5ba0716c1222ba94d55d69a469cc2bfd88cdbfa1f7b17c9eadfe5f412462.js
- Size: 18KB
- Sample: 240627-btp1hsxhpk
- MD5: d9a5901a96a98c2186d8ae59ff3ba9c8
- SHA1: f0111a42913dae06f0cc8f99684872d2e0bfe8de
- SHA256: 83dd5ba0716c1222ba94d55d69a469cc2bfd88cdbfa1f7b17c9eadfe5f412462
- SHA512: 31baae2b3a8514e7a6b3283478d8e128bfc8147a5d2743f9d245a190137bb168c8cb04af7b01daac7a89eedd121ab82fbef9b5b9c0c308f8a7ff514074fad725
- SSDEEP: 384:88PeKFReKnVqfO3fFRQ6cKyIjHRrw29BG6apdtRpoNDN:/TFRTnVqfO3fFRQ6cKyIjHRrw29BG6OU
Static task
- static1
Behavioral tasks
- behavioral1: sample 83dd5ba0716c1222ba94d55d69a469cc2bfd88cdbfa1f7b17c9eadfe5f412462.js, resource win7-20240508-en
- behavioral2: sample 83dd5ba0716c1222ba94d55d69a469cc2bfd88cdbfa1f7b17c9eadfe5f412462.js, resource win10v2004-20240611-en
Malware Config
- Extracted: warzonerat
- 109.248.151.231:52048
Targets
- Target: 83dd5ba0716c1222ba94d55d69a469cc2bfd88cdbfa1f7b17c9eadfe5f412462.js
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables embedding command execution via IExecuteCommand COM object.
- Warzone RAT payload
- Blocklisted process makes network request
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext