General
- Target: QUOTE_8776_788965_998866PDF.exe
- Size: 914KB
- Sample: 210113-bxbvyke3he
- MD5: 02155f87231c8ae6b34ff306a75bcb0f
- SHA1: 1278b84aff7da16e1973d1fe06b77a4e07edc3b9
- SHA256: d31cd3d115f23ac70007b2b3918de2502ee0636178c3b1b8557a3b0cb5903acf
- SHA512: 3c6c4014e42832448dad6bc5dd13ddbf4d735a20888f2b6eaadea1242a29bb30aab32e94a3df5582910de020332aad02e53eb0129b3754ee6416c76b9c670779
Static task: static1

Behavioral task: behavioral1
- Sample: QUOTE_8776_788965_998866PDF.exe
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: QUOTE_8776_788965_998866PDF.exe
- Resource: win10v20201028
Malware Config
- Extracted: warzonerat
- warzon957.duckdns.org:5051
Targets
- Target: QUOTE_8776_788965_998866PDF.exe (914KB; hashes as listed under General)
- Score: 10/10
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as a MaaS.
- Warzone RAT Payload
- Loads dropped DLL
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext