General
-
Target
perchase order.pdf.exe
-
Size
857KB
-
Sample
210415-lxqxtr9mae
-
MD5
26be3a515c42d2bc57e190143fe239f2
-
SHA1
2049d1c5d7e389f134ce94dc7e3d64cb86a9ff6c
-
SHA256
5e2d71b05993c4b8e96fec7d0587625bcd45168d1c2deda8be007d7b18da8927
-
SHA512
422d051609b1659be0bffa0dbcaefbed967b3ae6f7870ab241264801dd32b5a46b2044ce5a0b95a802bd8ae9e63fe644cbd1aa8d2460b7a780ad6f15e5cdeed5
Static task
static1
Behavioral task
behavioral1
Sample
perchase order.pdf.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
perchase order.pdf.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
79.134.225.102:1414
Targets
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-