General
-
Target
DHL ARRIVAL.exe
-
Size
24KB
-
Sample
210405-j8ppylh5mx
-
MD5
b8a397c2bb7b7b13dda84893c34707de
-
SHA1
aaafe2fbb98d4d52b47fab269efae6fb30882288
-
SHA256
321b6f97457bc64a7fa264043d5f7ce3b6dc1ddd735daf77820580b2f7ff7a93
-
SHA512
4851e9ede6e9179fae47f1304c306cae931302551452537a4bf8ff2aa6e194bdf0c12531da43d33d5bc990e4c3efa6f24a4822b5be20c5bcda66b964c4b1e846
Static task
static1
Behavioral task
behavioral1
Sample
DHL ARRIVAL.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DHL ARRIVAL.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
103.199.17.185:5200
Targets
-
-
Target
DHL ARRIVAL.exe
-
Size
24KB
-
MD5
b8a397c2bb7b7b13dda84893c34707de
-
SHA1
aaafe2fbb98d4d52b47fab269efae6fb30882288
-
SHA256
321b6f97457bc64a7fa264043d5f7ce3b6dc1ddd735daf77820580b2f7ff7a93
-
SHA512
4851e9ede6e9179fae47f1304c306cae931302551452537a4bf8ff2aa6e194bdf0c12531da43d33d5bc990e4c3efa6f24a4822b5be20c5bcda66b964c4b1e846
Score10/10-
Turns off Windows Defender SpyNet reporting
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Nirsoft
-
Warzone RAT Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-