General
Target: Orden de compra.exe
Size: 808KB
Sample: 210720-pdegckttdx
MD5: 0e01d4a19afa5c98b4ea02e90d1452bc
SHA1: f450f340626bb0e9c89d04d0bb2ec97dcc9d4628
SHA256: a2f8c191b7fb47cf9266a986aa47e6897d6615889b76a0050450fb68afc279f6
SHA512: d255c6198db56993b84ffc8ade0b5717972fa3f42a81fa36ab65272e803005c4cdbf27da39f4673b97a777dc0013e0c3cbb6db6c4b8ddf3ccfc0869c4934e88a
Static task: static1
Behavioral task: behavioral1
Sample: Orden de compra.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Orden de compra.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
juner234.ddns.net:5793
Targets
Target: Orden de compra.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Blocklisted process makes network request
Loads dropped DLL