General
Target
EFT_REMITTANCE_ADVICE.exe
Size
975KB
Sample
210119-bb5r7gnzne
MD5
518c314827a6d5fca576e1a1dda788e9
SHA1
4eae33a11a49f4e67cc81195226cb24411a9285e
SHA256
9fa98d845147978f040107c6d725a2b12ba15c204c54ed6d726c0780b40c68c3
SHA512
8b443b00578e6ef1337f539be6be388a2b7dc325f1c8b1dfb6154770cda70bdb7d6ca70fbabfc647cb4fa0e7b0620f9e9bf0edbe04b972cbde1d6bfe1490ec90
Static task
static1
Behavioral task
behavioral1
Sample
EFT_REMITTANCE_ADVICE.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
EFT_REMITTANCE_ADVICE.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
vigo147.duckdns.org:5200
Targets
Target
EFT_REMITTANCE_ADVICE.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT written in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext