General
-
Target
SHIPPING DOCUMENTS.exe
-
Size
893KB
-
Sample
210119-y8ag957ate
-
MD5
954ab9aadb3927539440b2e50cc6fc14
-
SHA1
5cca431b044071b3a44cea641abd59837eb60277
-
SHA256
56a2197cef63d3768d8a21986261f24dc94571b06786a093253a161857b821c4
-
SHA512
c0f78e2b1b26652b4c52c66d655cdd4fc5c43826d498eda276a189b83293bcfdc2ee0a4e24e693b78c816e6cec4039876e9a5bc16f77b30495548ea1f295c58d
Static task
static1
Behavioral task
behavioral1
Sample
SHIPPING DOCUMENTS.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SHIPPING DOCUMENTS.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
20.190.63.69:8600
Targets
-
Target
SHIPPING DOCUMENTS.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Suspicious use of SetThreadContext
-