General
-
Target
Invoice.exe
-
Size
1.0MB
-
Sample
210112-veem1bhrqe
-
MD5
cb811a9a8764bc084413ae02590b7ac5
-
SHA1
00469c7c7cf8b1e6d68dcc045acc497ea5c1b6c3
-
SHA256
0558ff6208fe5bfa8bc488efaf0138cddeca218dcc915325ff50d65705093f83
-
SHA512
0df28c7994a5b8b1445cb2d2ceeae7f3bac4943f1e1f2684eb808fa7c6d368e4dce9a7ccc3d071f9addd59cb56c6ec9107ad86905a89c163b711710a710971fa
Static task
static1
Behavioral task
behavioral1
Sample
Invoice.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Invoice.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
maxlogs.webhop.me:1619
Targets
-
-
Target
Invoice.exe
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-