General
-
Target
Product Emm 803030830019971 10082982820091989 109938377338393.exe
-
Size
17KB
-
Sample
210712-txnc2sf5bx
-
MD5
728961a48344fe5a70b1e3018e44c117
-
SHA1
4a9445a76f3d5b8713446dd98e9d5941a9f02b19
-
SHA256
e7b067c6a4b7ebf676eebc9b60c80be110c607e681220cce63675ba95068fa84
-
SHA512
4365af4884c40f047d826e81e4e9d09b138daccbdec53da5152d2b5261a0af6d352af2ad6a72e9b1d399664938f0f5cddb4f298e96b621ef1eb80943dac770b4
Static task
static1
Behavioral task
behavioral1
Sample
Product Emm 803030830019971 10082982820091989 109938377338393.exe
Resource
win7v20210410
Malware Config
Extracted
asyncrat
0.5.6A
194.5.98.174:1515
olodofries.ddns.net:1515
jclrvciebeihebxaath
-
aes_key
3CB55D8z04noSTo6JKEyNvPQrV3BwqD8
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
-
host
194.5.98.174,olodofries.ddns.net
-
hwid
5
-
install_file
-
install_folder
%AppData%
-
mutex
jclrvciebeihebxaath
-
pastebin_config
null
-
port
1515
-
version
0.5.6A
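As an added example (not part of the sandbox report or of any tool it names), the script below turns the indicators extracted above into host and network detection checks and runs them over a few constructed telemetry lines. Only the indicator values come from the report: the C2 hosts and port, the mutex, the %AppData% install folder and the sample SHA256. The key=value log layout, the host names, the file paths and the rule wording are assumptions for illustration. Note that autorun is false in this AsyncRAT config, so a Run key observed on the host is not explained by this configuration alone; the persistence rule therefore keys on the install folder rather than on the autorun flag.

```python
"""Hunt for the AsyncRAT indicators listed in the report above.

Added example, not part of the sandbox report. Only the indicator values
(C2 hosts/port, mutex, install folder, SHA256) come from the report; the
key=value telemetry format, hosts and paths below are constructed.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Indicators from the extracted config and hash block of the report.
C2_HOSTS = {"194.5.98.174", "olodofries.ddns.net"}
C2_PORT = 1515
MUTEX = "jclrvciebeihebxaath"
INSTALL_FOLDER_MARKER = "\\appdata\\"  # report: install_folder = %AppData%
SAMPLE_SHA256 = "e7b067c6a4b7ebf676eebc9b60c80be110c607e681220cce63675ba95068fa84"

# Constructed telemetry (assumed key=value layout, not the sandbox's own output).
SAMPLE_LOGS = """\
type=dns host=WS01 query=olodofries.ddns.net answer=194.5.98.174
type=netconn host=WS01 image=C:\\Users\\bob\\AppData\\Roaming\\svchost.exe dst=194.5.98.174 dport=1515
type=netconn host=WS02 image=C:\\Windows\\System32\\svchost.exe dst=13.107.4.50 dport=443
type=regset host=WS01 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=C:\\Users\\bob\\AppData\\Roaming\\svchost.exe
type=mutex host=WS01 name=jclrvciebeihebxaath
type=dns host=WS03 query=update.microsoft.com answer=13.107.4.50
"""

Event = Dict[str, str]
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Event:
    """Split one 'key=value key=value' line into a dict (values carry no spaces here)."""
    return dict(FIELD_RE.findall(line))


def match_c2(ev: Event) -> Optional[str]:
    """DNS lookups of, or connections to, the configured C2 hosts.

    The IP is flagged on any port: the operator can change the port without
    redeploying the implant, so the port only qualifies the alert.
    """
    if ev.get("type") == "dns" and (ev.get("query") in C2_HOSTS or ev.get("answer") in C2_HOSTS):
        return "DNS resolution of AsyncRAT C2 host"
    if ev.get("type") == "netconn" and ev.get("dst") in C2_HOSTS:
        port = int(ev.get("dport", "0"))
        where = "configured port" if port == C2_PORT else "unexpected port"
        return f"connection to AsyncRAT C2 on {where} {port}"
    return None


def match_persistence(ev: Event) -> Optional[str]:
    """Run key whose target lives under %AppData%, the configured install folder."""
    if ev.get("type") != "regset":
        return None
    key = ev.get("key", "").lower()
    value = ev.get("value", "").lower()
    if key.endswith("\\currentversion\\run") and INSTALL_FOLDER_MARKER in value:
        return "Run key pointing into %AppData% (report: install_folder)"
    return None


def match_mutex(ev: Event) -> Optional[str]:
    """The hard-coded mutex AsyncRAT creates so that only one instance runs."""
    if ev.get("type") == "mutex" and ev.get("name") == MUTEX:
        return "AsyncRAT mutex created"
    return None


RULES = (match_c2, match_persistence, match_mutex)


def scan(log_text: str) -> List[Tuple[str, str]]:
    """Return (host, reason) for every telemetry line that matches a rule."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        for rule in RULES:
            reason = rule(ev)
            if reason:
                alerts.append((ev.get("host", "?"), reason))
                break
    return alerts


def matches_sample(data: bytes) -> bool:
    """True if data is byte-for-byte the reported sample (SHA256 from the report)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for host, reason in scan(SAMPLE_LOGS):
        print(f"{host}: {reason}")
```

The DNS rule fires on the ddns.net hostname regardless of the address it resolves to, because dynamic DNS lets the operator move the C2 IP while the implant's config stays the same; the hash check is the narrowest indicator and only catches this exact build.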
Targets
-
Target
Product Emm 803030830019971 10082982820091989 109938377338393.exe
-
Size
17KB
-
MD5
728961a48344fe5a70b1e3018e44c117
-
SHA1
4a9445a76f3d5b8713446dd98e9d5941a9f02b19
-
SHA256
e7b067c6a4b7ebf676eebc9b60c80be110c607e681220cce63675ba95068fa84
-
SHA512
4365af4884c40f047d826e81e4e9d09b138daccbdec53da5152d2b5261a0af6d352af2ad6a72e9b1d399664938f0f5cddb4f298e96b621ef1eb80943dac770b4
-
WarzoneRat, AveMaria
WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ that is sold, together with multiple plugins, as malware-as-a-service (MaaS).
-
Async RAT payload
-
Nirsoft
-
Warzone RAT Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-