General
-
Target
Contract Agreement.exe
-
Size
269KB
-
Sample
201109-cv4dmklb1j
-
MD5
a38372591737f530b778c116cb6e5c0a
-
SHA1
410afd1494d6953c605260dc4d128d86d7728851
-
SHA256
5c8962c65557bc5ae404143ad8d59911eb2e87fad327ae58f449b2f86cfdd63b
-
SHA512
f1b5d10ac5d75854346fc0bacb715c75355d662eba5494c3821969a359e6c7f4de9c3df92bfb062383423c0ebdcd9c7ae1ee9ba208d129579203b29183fb4d94
Static task
static1
Behavioral task
behavioral1
Sample
Contract Agreement.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Contract Agreement.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
Contract Agreement.exe
-
Size
269KB
-
MD5
a38372591737f530b778c116cb6e5c0a
-
SHA1
410afd1494d6953c605260dc4d128d86d7728851
-
SHA256
5c8962c65557bc5ae404143ad8d59911eb2e87fad327ae58f449b2f86cfdd63b
-
SHA512
f1b5d10ac5d75854346fc0bacb715c75355d662eba5494c3821969a359e6c7f4de9c3df92bfb062383423c0ebdcd9c7ae1ee9ba208d129579203b29183fb4d94
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Drops startup file
-
Suspicious use of SetThreadContext
-