General
Target
Fast color scan to a PDFfile_1_20210331084231346.pdf.exe
Size
734KB
Sample
210407-9ve7nj4srx
MD5
1f87348ab64e5b7c5d7c7a010251904d
SHA1
624ed4ab4eacfb63176b60dc4865b77f2b932ae4
SHA256
f39db650747130dd3ae0e3a1b1912ef321a70bce4dbc07ddf7cbe28c4273dbba
SHA512
ccc400f344e5bb9a0ae0931c077dbc76e02ab214a29e1954024c6aec6512676f1525521e414332654af427b3c671747be3adf138cdb97c57a52263af568dc7f7
Static task
static1
Behavioral task
behavioral1
Sample
Fast color scan to a PDFfile_1_20210331084231346.pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Fast color scan to a PDFfile_1_20210331084231346.pdf.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
79.134.225.102:1414
Targets
Target
Fast color scan to a PDFfile_1_20210331084231346.pdf.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Suspicious use of SetThreadContext