General
Target: New purchase order August Delivery.7z
Size: 434KB
Sample: 210727-b2c8grphax
MD5: b8f8187bd3bada9f3a1d44cc1726bfeb
SHA1: eecc2768e3d989c2d1fe3650c9a8b2435db1f4b6
SHA256: ad962c8b6546d38f3f2eb1a529f0077edb48e842b4adb5fada0b0b74bdaa9378
SHA512: 6d05acd7bd97f2ff67f22df1ff3f29e96aa3d8d8aa106f568e7191f31c4f582fe603e70c9207a323ecb5994f7d9925747ab84b707728e067e27bc70de74e3156
Static task: static1
Behavioral task: behavioral1
Sample: New purchase order August Delivery.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: New purchase order August Delivery.exe
Resource: win10v20210410
Malware Config
Extracted
warzonerat
51.210.65.37:4141
Targets
Target: New purchase order August Delivery.exe
Size: 627KB
MD5: 6759995c0cf74f1bc16b6f9c25b5809f
SHA1: 0834e5ea4a9b329adf6da984eb295e3132df4819
SHA256: a2d837828437033b57d7fec2fd462bdbcc833a683abc71c85f05a0d56a89746b
SHA512: e5200b6691a77ab425420fffce6306e4c1d6e0b1dffcc1d7df0b200099302de788233abdb0c4a5a9a4c20d545233be6e72823d0ca346f8f67191ff36bb786fa2
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

CustAttr .NET packer
Detects CustAttr .NET packer in memory.

Warzone RAT Payload

Suspicious use of SetThreadContext