General
-
Target
DHL_EXPRES_INFORMATION-0100032021-0241429142009616.exe
-
Size
516KB
-
Sample
211004-fyq6lagaar
-
MD5
744d8cfe9741f30e34fd8c8d702bf641
-
SHA1
2f152b054393fdaaa05de6335ba12c3cb642a502
-
SHA256
cf7121280fc47f569af78084d7eced02fc6e2967964d09f4b6dc83f5829be15c
-
SHA512
3864735b900f33cd9c241d7fb1d9bf06d5d17d93c07f9964266bd51c4cc463dc9cbb06b930b3d05664d3402b944270ecdbc68af07abf871d47baedd874161619
Static task
static1
Behavioral task
behavioral1
Sample
DHL_EXPRES_INFORMATION-0100032021-0241429142009616.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
DHL_EXPRES_INFORMATION-0100032021-0241429142009616.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
185.19.85.154:9971
Targets
-
Target
DHL_EXPRES_INFORMATION-0100032021-0241429142009616.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-