General
Target: AWB.pdf.exe
Size: 810KB
Sample: 210408-1ylgjjzrtj
MD5: d747ed50da2983aa8998257a637c52fb
SHA1: f6f44d82d9601d031a7f7d4f39117c4c80b66870
SHA256: ded4e82e8bfda8917d4e15429c931da9afc33fb902e29a4e5fb06bd7ef30075b
SHA512: 6fe85c93947f85d7d9edfe1ca5830d04cda08551d54d539b5e562914ec02a2aef49767233fcf8b6310632bdd95140bab6399b4193d09ce2fbf4404ca822b9e99
Static task: static1
Behavioral task: behavioral1
Sample: AWB.pdf.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: AWB.pdf.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
79.134.225.102:1414
Targets
Target: AWB.pdf.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Suspicious use of SetThreadContext