General
Target: VD178-TVCKM-E-001 - REQUEST FOR QUOTATION.exe
Size: 1.2MB
Sample: 210724-t8qwme62gx
MD5: c56af6abad96b98796f4164aa907c49c
SHA1: c39ba60ebd274dd3f2feb0fc59f37692ca38d9b4
SHA256: 6f58cdc58d928aacafb9d968e74b81aa1c3a3565ae39b494d48ba7b054873a07
SHA512: e0b674b5e92cfbdf776ab336302b8c18434f8e3a4b63b3288fc35b7435ae90ab56fbd3a459c9e94888ac8a8d699942c0c2195984ada8e5b2b74f07a0016e9edf
Static task: static1
Behavioral task: behavioral1
Sample: VD178-TVCKM-E-001 - REQUEST FOR QUOTATION.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: VD178-TVCKM-E-001 - REQUEST FOR QUOTATION.exe
Resource: win10v20210408
Malware Config
Extracted
warzonerat
185.222.57.73:4557
Targets
Target: VD178-TVCKM-E-001 - REQUEST FOR QUOTATION.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext