General
Target: SCB_MT103_31951R2105050031_200505.PDF.exe
Size: 919KB
Sample: 210505-k45gppneh6
MD5: cf3e6f4dd1b47b5e9f09f9b1165bb519
SHA1: 68a1a10ad6b7eaa3d95b7eabefb53097cd44845f
SHA256: 0288f149c280ae5dc3a27ab06b9cfc41582635226b9759e1aebe4d3e641074b4
SHA512: ac7c777dd47373c5a69c56e0948781c77a18731b630916ebbdae354f32ffd05c7e569f6d2b78fc61d4babc7537cf0126fa28c83246a2d2a75fcf499d36628148

Static task: static1

Behavioral task: behavioral1
Sample: SCB_MT103_31951R2105050031_200505.PDF.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: SCB_MT103_31951R2105050031_200505.PDF.exe
Resource: win10v20210410

Malware Config
Extracted: warzonerat, 157.55.136.23:5300

Targets
Target: SCB_MT103_31951R2105050031_200505.PDF.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Suspicious use of SetThreadContext