General
Target: New Orders.exe
Size: 64KB
Sample: 210407-4a5n1mktpx
MD5: d507f6899284562b5cab349e1082c297
SHA1: 04f6718483f0590119e56edbb73420fa5431c9d5
SHA256: c44cd8ef8c5361ab56ad3d6fbf4d8eab7f531f9e12480626a461f4de8e4e827a
SHA512: 0f6c8f84396224d0914d197dbedbf04e47f079e866bf5116f4d910e0c21a3b2d70cfeeb7c53b23650af683bcd796fb0204bff9cc2ca5e1d06a57f571d94ffb6a
Static task: static1
Behavioral task: behavioral1
Sample: New Orders.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: New Orders.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
104.209.133.4:7500
Targets
Target: New Orders.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Suspicious use of SetThreadContext