General
Target: FRQ_05694 revised quantity.com
Size: 877KB
Sample: 210405-hzazebst3j
MD5: bf2da3e5994261e3b37b66785f1e2df9
SHA1: 4e3cb839e6e1b5181ba36847a7c8ea243d22443f
SHA256: 5ba2e4021682f2700ca05c93eb32efb3c93d7bebd816842bdcca6cc768771cbe
SHA512: 2db8779258836d956ac2f3f1a744652ed74459c3c1d8a271a3c8fd87b935ffec41703edd3b12c09d3d41c76042e4c2260fbf994c1ed94b685189b71582213754
Static task: static1
Behavioral task: behavioral1
Sample: FRQ_05694 revised quantity.com.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: FRQ_05694 revised quantity.com.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
185.140.53.69:4080
Targets
Target: FRQ_05694 revised quantity.com
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Suspicious use of SetThreadContext