General
-
Target
PO44653 FOB - One Below.vbs
-
Size
5KB
-
Sample
211006-k42xhabbdj
-
MD5
c325775c40c2aae59f48d429c25bbb1e
-
SHA1
dfc2fb8825b0dd4adb92a57b80ef7448ada89c45
-
SHA256
4dfdc21fd3e1e41e30e01aa20f867d7daca122052bd82fa0a2026e03530a43e4
-
SHA512
e8c3e08e657248da7bac98a2c023a1b1f0894bf08a0cd4cda3a065503485cf69a5627ad0354a1b83687594502cdfb42ef9664967c19eb94a516cec8700106ace
Static task
static1
Behavioral task
behavioral1
Sample
PO44653 FOB - One Below.vbs
Resource
win7v20210408
Behavioral task
behavioral2
Sample
PO44653 FOB - One Below.vbs
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
185.29.10.25:2468
Targets
-
Target
PO44653 FOB - One Below.vbs
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-