General
Target: Proforma fatura.exe
Size: 796KB
Sample: 210112-jp9jv1gm3x
MD5: 352a79b4fe6959ca79ab52e1366a5db0
SHA1: 8f2dd9cc7b992a89e02852812342c4be170ba719
SHA256: fc2795532bba5d9bbdb746abaf999bf848677a9869e3d44bba53b5e60929aeac
SHA512: 6bafe6792b06cb719fe84d74d3b8222d7f3358208cf597f2a6d73c05f9f526c832c9c908f47543cf39c2c02b22066169aab044f8839bec23bc28cfc9f89cc197
Static task: static1
Behavioral task: behavioral1
Sample: Proforma fatura.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Proforma fatura.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
maxlogs.webhop.me:1619
Targets
Target: Proforma fatura.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Adds Run key to start application
Suspicious use of SetThreadContext