General
Target: PO#11-17012021,pdf.exe
Size: 317KB
Sample: 210118-v29bbmr2rj
MD5: 883f037f8db0d45f1dab5dbd539326d2
SHA1: ab9b5572188b37c10eed0b76163667494fb4cc57
SHA256: b6d76a6dd8898fcd223678eec6835de53da6b2af1fc84c90dc502082eb6d8729
SHA512: 5336c34028c972118fe8f20ae6beee20ec92c5413450abfdef0a3033edb026ed714ed8bc19772440bc4184ec4385165382d5c8a1551abccebf79a2230349749f
Static task: static1
Behavioral task: behavioral1
Sample: PO#11-17012021,pdf.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: PO#11-17012021,pdf.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
206.123.129.103:4565
Targets
Target: PO#11-17012021,pdf.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Suspicious use of SetThreadContext