General
- Target: KINDLY QUOTE COMPETITIVE PRICE.exe
- Size: 634KB
- Sample: 210715-te2vt6hhvx
- MD5: 24cdb20f9b57a58becd8db704caaec1a
- SHA1: 1420f8d5e00c7294cc1ef249cd159852f574b96c
- SHA256: 20b8d427a1603e1262b0c7d9a5119d0ea775cb69c690098ecd12a1037a443892
- SHA512: 39f492af2fb5dc53820cb641263e41e1c1ab808cf0d9010748ea4aabf77798d9df381100d62e447bad4cbb861c623f8e06a3a24b442a3ab144144757f1edbf6f
Static task: static1
Behavioral task: behavioral1
- Sample: KINDLY QUOTE COMPETITIVE PRICE.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: KINDLY QUOTE COMPETITIVE PRICE.exe
- Resource: win10v20210408
Malware Config
- Extracted: warzonerat
- dar123.hopto.org:5032
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Loads dropped DLL
- Adds Run key to start application