General
-
Target
Arifashayan_2020_06_04_RFQ.exe
-
Size
734KB
-
Sample
210407-gks3q4hkcj
-
MD5
3bdd9fe778002e20e2db0830a6199bb7
-
SHA1
9b9b32127c5bb8b99902cd8abfe857903087a2b3
-
SHA256
757d6be9f53d159e382e9b82a4baa567d4a8173b30ccd788234f4afb5db16eba
-
SHA512
a581d78bc1e744821274c32810ae09eb187c2bc7356c8789310c36282bb04148d623c3a27fc15f10c18c64927eb07f4230ee0b5721004765a7e1a480f0c0269b
Static task
static1
Behavioral task
behavioral1
Sample
Arifashayan_2020_06_04_RFQ.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Arifashayan_2020_06_04_RFQ.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
genasispony.hopto.org:4477
Targets
-
-
Target
Arifashayan_2020_06_04_RFQ.exe
-
Size
734KB
-
MD5
3bdd9fe778002e20e2db0830a6199bb7
-
SHA1
9b9b32127c5bb8b99902cd8abfe857903087a2b3
-
SHA256
757d6be9f53d159e382e9b82a4baa567d4a8173b30ccd788234f4afb5db16eba
-
SHA512
a581d78bc1e744821274c32810ae09eb187c2bc7356c8789310c36282bb04148d623c3a27fc15f10c18c64927eb07f4230ee0b5721004765a7e1a480f0c0269b
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Suspicious use of SetThreadContext
-