General
-
Target
Remittance_Advice.vbs
-
Size
875B
-
Sample
210723-9j6xnyejc2
-
MD5
fc4a8faf57b167de212a02466d0f5435
-
SHA1
8b83c8dad3b1168c37729b8c6551e7ac4d0071af
-
SHA256
84199bedc07e09ccb967692a43de715611625dc247ceea48ea2f4a7109bc5287
-
SHA512
855874d54ef794939a9c2da096dda06168f34cdb17500d762a4bbdaeb0e5ad687da86791150b83381e3617ff5ff88fb124c7b2d76c5f120b997d91206b7d18f0
Static task
static1
Behavioral task
behavioral1
Sample
Remittance_Advice.vbs
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Remittance_Advice.vbs
Resource
win10v20210410
Malware Config
Extracted
https://www.maan2u.com/a/ALL.txt
Extracted
warzonerat
192..3.146.165:3543
Targets
-
-
Target
Remittance_Advice.vbs
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
suricata: ET MALWARE PE EXE or DLL Windows file download Text
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-