General
-
Target
Doc_43795379326436.exe
-
Size
327KB
-
Sample
200628-bdmmd47qsx
-
MD5
24e5934191f08a725c5005adaf753d11
-
SHA1
21bb5c17690bb277422d855619f0ca7f20182019
-
SHA256
c95ca2828f96e70328cd9ac4dfddad25fb0dcddc2e265200401ce10eecf3c2a4
-
SHA512
b8592b9d07d10081f77acfb767d3f7c183a9ab7409d7b9266999e149ad41b83035e76240dcf6de1ab28df7418a57816e05f50614f27ac27238666b56c303278c
Malware Config
Targets
-
-
Target
Doc_43795379326436.exe
-
Size
327KB
-
MD5
24e5934191f08a725c5005adaf753d11
-
SHA1
21bb5c17690bb277422d855619f0ca7f20182019
-
SHA256
c95ca2828f96e70328cd9ac4dfddad25fb0dcddc2e265200401ce10eecf3c2a4
-
SHA512
b8592b9d07d10081f77acfb767d3f7c183a9ab7409d7b9266999e149ad41b83035e76240dcf6de1ab28df7418a57816e05f50614f27ac27238666b56c303278c
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
JavaScript code in executable
-
Suspicious use of SetThreadContext
-