General
Target: Bank Millennium.bin.zip
Size: 24KB
Sample: 210726-lv7l3wfwq2
MD5: 657eb971f9fb7bbc3a91a4b6e0a94951
SHA1: bab621f8714e09996d818cb77500e4eda77f84bb
SHA256: f8b2cdc588fd66dffef96f59812bbd175481e6facb1b94aba2ccef5b241aff7a
SHA512: 4fd8dce3db7941fc2af24b5a43394e9669bd1dd36edde9834184c3c824821a397c5810b4ada1820ef3b32f38cbc5e70ceeeb06573396b6fe2f12e995423264e0
Static task: static1
Behavioral task: behavioral1
Sample: Bank Millennium.bin.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Bank Millennium.bin.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
185.157.160.215:2211
Targets
Target: Bank Millennium.bin
Size: 85KB
MD5: e9a0412da07e244d2cf47c8edbdb9f24
SHA1: 8ee7fe0ce62b889237033b236a50c0c3a478e58d
SHA256: e23af5d6048c8e86e22bd7117254d7f17bc97c24fe335ea3c411367bdd9953de
SHA512: 801c1446e17793d8095ebdda54e90102d734717d60866d3e2703879dc5723445808b7ce943600393ee6d5cbdb8718776edeed1cff5d2bb15e8da1a748d117944
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Drops startup file
Suspicious use of SetThreadContext