General
Target: Shipment_Label_2010992804_PDF.scr
Size: 79KB
Sample: 210926-ws6xvsfbbq
MD5: b6786cee3227d70e4be1151c37e430ce
SHA1: d77a564bd597dd85b0649e9ab1b9d7aff70b58d6
SHA256: b884c311eb0332ba6f9c49d5a236a00d0737948573365ee7a86a1ffff8ca58df
SHA512: f01eb227761a4de329bcb3a978d776d9f0cc9c540e800b783dae2ae073a9e6b135bfebae9c7a2d94f08ff2502dd590cebabc31034d9db4b06de81b61ac349a42
Static task: static1
Behavioral task: behavioral1
Sample: Shipment_Label_2010992804_PDF.scr
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Shipment_Label_2010992804_PDF.scr
Resource: win10-en-20210920
Malware Config
Extracted
warzonerat
45.162.228.171:26112
Targets
Target: Shipment_Label_2010992804_PDF.scr
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext