General
Target: proforma invoice.exe
Size: 529KB
Sample: 210715-9brz89smp2
MD5: f037acb1b049f26a865e27398d12bc38
SHA1: 49dc65e895ca6553c8ac6f98adae426582d18d52
SHA256: 4757d64431cbf911d9a6cc5b1cd96ee7f733dd0eb05c41f1fa100ba3d354d4a5
SHA512: ad5c6d9640505b12f3c1220eeca91f71a9d22220064eee018f8502a223e7e0c6c428b8996a9514a6cef9895a912054f83765f4a974867c59dc91156059335cbf
Static task: static1
Behavioral task: behavioral1
Sample: proforma invoice.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: proforma invoice.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
ugo123.hopto.org:5032
Targets
Target: proforma invoice.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Adds Run key to start application