General
Target: samples ordered 024791.com
Size: 472KB
Sample: 210408-4681m6tq6x
MD5: 2db416bd47696a5782a82376b592cdf1
SHA1: 9347f30a05b36e4528a107549f304a5dcd8ab6e2
SHA256: 890407f2497d9d1d7fbe7f5f823438821b458cf8f5e62eb7f0e3220c342cd68b
SHA512: 28df114c54289f1ed19090eb03fef1c7cb076a8d11a3b58cc6a82b943c1f1a2ca19c1f280c1a1d5194a3223288c1abcb3a5266706be1f828bccbb61eea6ce82e
Static task: static1
Behavioral task: behavioral1
Sample: samples ordered 024791.com.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: samples ordered 024791.com.exe
Resource: win10v20201028
Malware Config
Extracted
warzonerat
185.140.53.69:4080
Targets
Target: samples ordered 024791.com
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Suspicious use of SetThreadContext