General
Target: Purchase Order.exe
Size: 406KB
Sample: 210715-wyex7hlb4x
MD5: e6c4b3b21396e6dd650f9dd43aea0c5e
SHA1: 3551fdfd1e6a4d657349b61d369f81aed7a84b2d
SHA256: e82c6834c7a9fb7ffa1d5b5ccafe0b2a97a4ff30bfe5e770e26f6b1232e5b672
SHA512: 86642b21cddd76be5bb6800f7dc24e13d21674925964b1c038111ea17d58411027556409fa6b308192ac456e33f96467c53c4990402ed4eaea25af44ce3decc9
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Purchase Order.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
dar123.hopto.org:5032
Targets
Target: Purchase Order.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Suspicious use of SetThreadContext