General
Target: Quotation for named specification new order.tar.gz
Size: 593KB
Sample: 210714-blymvah8tn
MD5: 2b216584c4d55e8ef093e239448ebc8b
SHA1: dfe9455a6559f1e821fe6fcb721275061f27bfa5
SHA256: e59dae30834e8d82c8cd20b919ae274c02ea83e07bdc9d467a8a877bb8d741b6
SHA512: 1874edc1cf807e75d6f72aae37c4508e822d59828a186ee30771509be32c93d4814fbdafd44d62f06f9837033a1f3689f8a8c49991afbae2d2ac3a7ca0d859d8
Static task: static1
Behavioral task: behavioral1
  Sample: Quotation for named specification new order.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Quotation for named specification new order.exe
  Resource: win10v20210410
Malware Config
Extracted
warzonerat
princekelvin.ddns.net:4545
Targets
Target: Quotation for named specification new order.exe
Size: 786KB
MD5: b8f0f94f760baa38503ac7da4faab222
SHA1: 2775a004ef8bfdb79ed2fae45066b49d740b1afc
SHA256: d3147c430d999a7e8337cfb4120dff3079eef4bf51abc0c979f424eff86f1845
SHA512: 1c789c724bd67ea1b5a0ee365b8bb40768e87cef7f861f76bdfa9ec7bf99be507d3233b8450722e63378eaa3f841deb94a643925747ad6bb491401b26b5715ec
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Suspicious use of SetThreadContext