General
-
Target
Purchase Order.7z
-
Size
762KB
-
Sample
210118-ase8a8sawx
-
MD5
1e691fa6d518490e428e249993137c0d
-
SHA1
a30fc5af391958070eb44f23f1f456516a492311
-
SHA256
cd16d188108b02d270a0a63da1359bdc45df5a7825b6d5128a3108fb8e530337
-
SHA512
b01a540aedcc0a0d7a5225de1e7de06d3d6e873843e986a78fcd3af5cf773ff05c931bf85cd0025b71e53303a2eabe51121a2a255c9011ed3fbd793b76b89de1
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
40.84.216.183:7600
Targets
Target
Purchase Order.exe
-
Size
1.2MB
-
MD5
e9cdb57e8d85959e67fff38a7f8582ef
-
SHA1
fbd35f584d4d92b30da710413eb3e47c42b2a2c3
-
SHA256
1c5d4238505bbf9f9699eb6e12557e1cdf370a2495dc6b2d25559b28a502aefb
-
SHA512
cfb752ecfadd3c965e03fca5de937d0e07184bf5e067bbc68354b739e6d474834f9097acfdbb8d86ab54cab14458d6546d3e51a7167d64f7ad1ce3139fb0fed6
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Suspicious use of SetThreadContext
-