General
Target
DHL_Jul 2021 at 1.70_3BZ290_PDF.exe
Size
796KB
Sample
210713-f41ybj3t8e
MD5
46ce1867ca55f06b6ff84e654822e082
SHA1
ce5e6eabeeb9fa2ded224013e115f7abbfbc60d4
SHA256
acf32ff7188603f606595a6609981a97cabdb0c716e9bae65aed3af301f21b35
SHA512
14da6bd56599409d17255fc51326ffdd11ca0679e5125d6dbd7fdb682abac90de3b08e2dc4ee79a8935e2eff20dbad2c27bee24484c47581d26968e5bae725b6
Static task
static1
Behavioral task
behavioral1
Sample
DHL_Jul 2021 at 1.70_3BZ290_PDF.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
DHL_Jul 2021 at 1.70_3BZ290_PDF.exe
Resource
win10v20210410
Malware Config
Extracted
warzonerat
103.133.109.176:7600
Targets
Target
DHL_Jul 2021 at 1.70_3BZ290_PDF.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Loads dropped DLL
Suspicious use of SetThreadContext