General
Target: Purchase_order_eberspacher_sept.iso
Size: 1.2MB
Sample: 210917-x3vs1sbbgq
MD5: 849cbfdeb92b16c4659605992740b705
SHA1: 297d0c70c437f4116726af7b1b78e4f86e78cdae
SHA256: 0a2c429101173ac2eaa13ceff69426c782cb40c5c0ef871ef9461a725b9cc7ab
SHA512: 4a7756dad4510866e33b33732f8a60c065b9ca44f5a00b03fdd972a47c0cf9855e7c0e1efee3c5f6dc6fc4e0b37d6fbf46f4917b5bcdda0681c6e525d81f40a9
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE.EXE
Resource: win7-en-20210916
Malware Config
Extracted family: warzonerat
C2: 184.75.221.59:7350
Targets
Target: PURCHASE.EXE
Size: 617KB
MD5: e0478760e1af4a233be2e05cebc73b85
SHA1: c2809f0d05b78e170c31481b17a57a765d9878e7
SHA256: e5600822c775da813e316783e42306811993b13f49c30d1617f6878b5140b155
SHA512: 240520523ea09764c8c04dfcae0a1152c74dab97c7cbb50e030cb3a7c4723113f26fcc06fb2b5bd2e32c8b6ed8f10e5fb227c67e4a2ad0831b096e157494ac96
Score: 10/10
Family: WarzoneRat (also tracked as AveMaria)
WarzoneRat is a native RAT written in C++ and sold as malware-as-a-service (MaaS), with multiple plugins.
- Warzone RAT Payload
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext (thread-context manipulation of the kind used for process hollowing / code injection)
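The following is an added example, not part of the sandbox report and not code from the sandbox vendor: it turns the report's indicators into something a responder can run. It checks that the listed digests are well-formed (a copy/paste-damaged hash silently never matches), matches a file or an in-memory blob against both samples, and converts the extracted C2 into a Suricata rule. Sample names, hashes and the C2 string are copied from the report above; the function names, the rule message text and the SID are this example's own choices.

```python
"""Added example: validate and apply the IOCs from the sandbox report above.
Hashes and C2 are copied from the report; everything else is illustrative."""
import hashlib
import ipaddress

# Digests copied verbatim from the report (ISO lure and the dropped EXE).
REPORT_IOCS = {
    "Purchase_order_eberspacher_sept.iso": {
        "md5": "849cbfdeb92b16c4659605992740b705",
        "sha1": "297d0c70c437f4116726af7b1b78e4f86e78cdae",
        "sha256": "0a2c429101173ac2eaa13ceff69426c782cb40c5c0ef871ef9461a725b9cc7ab",
        "sha512": "4a7756dad4510866e33b33732f8a60c065b9ca44f5a00b03fdd972a47c0cf985"
                  "5e7c0e1efee3c5f6dc6fc4e0b37d6fbf46f4917b5bcdda0681c6e525d81f40a9",
    },
    "PURCHASE.EXE": {
        "md5": "e0478760e1af4a233be2e05cebc73b85",
        "sha1": "c2809f0d05b78e170c31481b17a57a765d9878e7",
        "sha256": "e5600822c775da813e316783e42306811993b13f49c30d1617f6878b5140b155",
        "sha512": "240520523ea09764c8c04dfcae0a1152c74dab97c7cbb50e030cb3a7c4723113"
                  "f26fcc06fb2b5bd2e32c8b6ed8f10e5fb227c67e4a2ad0831b096e157494ac96",
    },
}
# WarzoneRat C2 as extracted by the sandbox.
WARZONE_C2 = "184.75.221.59:7350"

DIGEST_HEX_LENGTH = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(iocs=REPORT_IOCS):
    """Return (sample, algorithm, reason) for every digest that is not lowercase
    hex of the expected length; an empty list means the table is usable."""
    problems = []
    for name, digests in iocs.items():
        for alg, value in digests.items():
            expected = DIGEST_HEX_LENGTH.get(alg)
            if expected is None:
                problems.append((name, alg, "unknown algorithm"))
            elif len(value) != expected:
                problems.append((name, alg, f"length {len(value)} != {expected}"))
            elif any(c not in "0123456789abcdef" for c in value):
                problems.append((name, alg, "not lowercase hex"))
    return problems


def digests_of(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGEST_HEX_LENGTH}


def match_digests(digests: dict, iocs=REPORT_IOCS) -> set:
    """Names of report samples sharing at least one digest with `digests`.
    Comparison is case-insensitive because feeds disagree on hex case.
    MD5 and SHA1 collisions are practical, so a hit on those alone should be
    confirmed against SHA256 before anyone acts on it."""
    wanted = {alg: value.lower() for alg, value in digests.items()}
    hits = set()
    for name, known in iocs.items():
        if any(wanted.get(alg) == value for alg, value in known.items()):
            hits.add(name)
    return hits


def match_file(path: str, iocs=REPORT_IOCS) -> set:
    """Hash a file from disk in chunks (ISO images can be large) and match it."""
    hashers = {alg: hashlib.new(alg) for alg in DIGEST_HEX_LENGTH}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return match_digests({alg: h.hexdigest() for alg, h in hashers.items()}, iocs)


def parse_c2(c2: str):
    """Split an 'ip:port' C2 string into (ip, port). Only IP literals are
    accepted: config extractors emit what the binary holds, and a hostname
    here would mean the indicator needs resolving, not blocking by address."""
    host, sep, port_text = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {c2!r}")
    host = host.strip("[]")          # tolerate [v6]:port notation
    ipaddress.ip_address(host)       # raises ValueError on non-literals
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {c2!r}")
    return host, port


def suricata_rule(c2: str, sid: int) -> str:
    """Minimal Suricata rule for outbound traffic to the C2. The msg text and
    the SID are this example's choices, not values from the report."""
    host, port = parse_c2(c2)
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"WarzoneRat C2 {host}:{port} (sandbox report)"; '
            f"flow:to_server,established; sid:{sid}; rev:1;)")


if __name__ == "__main__":
    import sys
    assert not validate_iocs(), validate_iocs()
    print(suricata_rule(WARZONE_C2, 1000001))
    for path in sys.argv[1:]:
        print(path, match_file(path) or "no match")
```

Run it with one or more file paths to see which report sample, if any, each file matches; the rule is printed regardless. SHA512 strings are split across two adjacent literals purely for line width and are concatenated by Python at parse time.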