General
-
Target
0481f43c7f5b88e571514182c7ed5f64
-
Size
457KB
-
Sample
210726-7rhezxfyzj
-
MD5
0481f43c7f5b88e571514182c7ed5f64
-
SHA1
6b597b3ddb06f3d68323c43a3d000452a115501d
-
SHA256
885e34ff7befbdcdb027a017843cbacdba7eebb34d3df2e3113cceb9adafe8b5
-
SHA512
a7d260045043187546a437a5d708eabffcd339648a45cc23b175fc3cba996551f696dd3b114b1630be6e23324b63906788ffe5cf93e3849b382c30d391b6d9ba
Static task
static1
Behavioral task
behavioral1
Sample
0481f43c7f5b88e571514182c7ed5f64.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
0481f43c7f5b88e571514182c7ed5f64.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
byx.z86.ru:5200
Extracted
remcos
1.7 Pro
Host
dpqw-avira.bot.nu:2404
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
explorer.exe
-
copy_folder
windows
-
delete_file
false
-
hide_file
true
-
hide_keylog_file
false
-
install_flag
true
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
remcos_abihghbcgbxx#
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
pdf
-
take_screenshot_option
false
-
take_screenshot_time
5
- take_screenshot_title
Targets
-
-
Target
0481f43c7f5b88e571514182c7ed5f64
-
Size
457KB
-
MD5
0481f43c7f5b88e571514182c7ed5f64
-
SHA1
6b597b3ddb06f3d68323c43a3d000452a115501d
-
SHA256
885e34ff7befbdcdb027a017843cbacdba7eebb34d3df2e3113cceb9adafe8b5
-
SHA512
a7d260045043187546a437a5d708eabffcd339648a45cc23b175fc3cba996551f696dd3b114b1630be6e23324b63906788ffe5cf93e3849b382c30d391b6d9ba
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-