General
-
Target
Fedex Notification.exe
-
Size
79KB
-
Sample
210404-64fwfe97mn
-
MD5
4153b601fc1dd6537b6997bce512e0f1
-
SHA1
a263ed16f03b04d0853f3686af841f496537dd23
-
SHA256
5242c4552e512707dbeb3b004cb441cc140b6cfe813a4d6532f4adec03bcb23c
-
SHA512
bede3b453dc9c7453af4d8eff5ef77f32afbc7265d72c15f3a4945d4e726e6c6e77aafb8bd9a537db5a26940d15fc79cc203510b4a9cd1f16e5f6da3f0bfaa77
Static task
static1
Behavioral task
behavioral1
Sample
Fedex Notification.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Fedex Notification.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
103.199.17.185:5200
Targets
-
-
Target
Fedex Notification.exe
Score
10/10
-
Turns off Windows Defender SpyNet reporting
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Nirsoft
-
Warzone RAT Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-