General
Target: request for quotation.exe
Size: 378KB
Sample: 210715-l1ldtbgt16
MD5: 7541fe0a0aee6de4e53bedc50d379119
SHA1: 544d6ff5db4cc296217790850333c16ed07238d4
SHA256: 9d43e942f513a32e1c0db58de3d63abb24a8a4bc7bef3da4a6106656b9a64a5f
SHA512: fecbef32a2e7a2d3912e1e3de6dc483d618e01d7a2d65de8fd2a520e2124bdc036999bd927f53a2f8a7261151e700275fffc1634bd4a6dc63e268001e06334fa
Static task: static1
Behavioral task: behavioral1
Sample: request for quotation.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: request for quotation.exe
Resource: win10v20210408
Malware Config
Extracted
warzonerat
ugo123.hopto.org:5032
Targets
Target: request for quotation.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Suspicious use of SetThreadContext