General
Target: Shipping_Document.bin.zip
Size: 158KB
Sample: 210706-jdqtwnz9rn
MD5: 41272e28557b97c33eadda7ac9369018
SHA1: 757c1c0d4973491b6d0c0dd8eaaf7f4ba980f0b4
SHA256: a1243a38330795199e8f5fd90b3225a6ba40dd5f2b899a621babefa4f293fb06
SHA512: b3337e62cc4afffcc417448344f77d015c2e0e7e78845d76fa9252859219fbe9486d39fe93f9c3c16d4e3889024d38c4cb12dac0e09bf01f48db331773111022
Static task: static1
Behavioral task: behavioral1
Sample: Shipping_Document.bin.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Shipping_Document.bin.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
sipex2021.ddns.net:6397
Targets
Target: Shipping_Document.bin
Size: 172KB
MD5: 2582f47250f2f04af9f177806c815b27
SHA1: efd4dc08e17ab0045d459741c06253e2ff874a48
SHA256: b342f081e96f0e433e6caf6fb87fe7f390bd134e1e9e8f53676af8a95391e77b
SHA512: d0bc8d3055431d2a5e6188bb07bfdb1925d403dc51bec5fdf5c2a105e0240ced3196d5c3b87756150c8e4b247ddf7bef25ff2eafb2afab125da31d0b3462058f
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Loads dropped DLL
Suspicious use of SetThreadContext