General

Target: PCS TENDER PROFILE-20210920.exe
Size: 33KB
Sample: 211012-pexcyaccg4
MD5: d1fe1af58a4415d8cf2077859c54c890
SHA1: 3d816d34c7eb5ad8acd9acdf58ff592be2c7abd6
SHA256: 7c20ae59b3664ed8156619a16a1b7f5764f059cc7ebd3c77f3348ca7cd03340d
SHA512: e2aa13533fafadbd223777f6defa1055829f14b71b947f6256798e09d2cd6e094b32054aa7dd26621f11c16a519b2d0d831e7c9aba42a750dad7b0d3eb1698fe
Static task: static1

Behavioral task: behavioral1
Sample: PCS TENDER PROFILE-20210920.exe
Resource: win7-en-20210920

Behavioral task: behavioral2
Sample: PCS TENDER PROFILE-20210920.exe
Resource: win10v20210408
Malware Config

Extracted family: warzonerat
C2 (host:port): enginekeysmoney.ddns.net:9671
Targets

Target: PCS TENDER PROFILE-20210920.exe (33KB; same file and hashes as listed under General above)

Signatures

- Modifies WinLogon for persistence
- WarzoneRat, AveMaria: WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
- Warzone RAT Payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
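The extracted config (the Warzone C2 host:port) and the "Modifies WinLogon for persistence" signature above are the two things a responder would sweep an estate for. The following is an added example, not part of the sandbox report or of Warzone itself: it matches the report's hashes and C2 endpoint against Sysmon-style events and flags non-default Shell/Userinit entries in a Winlogon registry export. The event records, the registry export text and the file paths in them are constructed for illustration; only the hashes and the C2 hostname/port come from the report.

```python
"""IOC sweep for the Warzone RAT sample in the report above.

Hashes and C2 are taken from the report; all events and registry text
below are constructed sample data, not output of the sandbox run.
"""
import re

# IOCs from the report (lower-cased so Sysmon's upper-case hex matches).
IOC_HASHES = {
    "md5": "d1fe1af58a4415d8cf2077859c54c890",
    "sha1": "3d816d34c7eb5ad8acd9acdf58ff592be2c7abd6",
    "sha256": "7c20ae59b3664ed8156619a16a1b7f5764f059cc7ebd3c77f3348ca7cd03340d",
}
C2_HOST = "enginekeysmoney.ddns.net"
C2_PORT = 9671

# Stock Windows values for the Winlogon keys abused for logon persistence.
# Userinit is normally "C:\Windows\system32\userinit.exe," (trailing comma);
# an extra comma-separated entry is a second binary launched at every logon.
WINLOGON_DEFAULTS = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"C:\Windows\system32\userinit.exe"],
}


def parse_sysmon_hashes(field):
    """Turn a Sysmon 'Hashes' field ('SHA256=AB..,MD5=..') into {algo: hexdigest}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, val = part.split("=", 1)
            out[algo.strip().lower()] = val.strip().lower()
    return out


def match_events(events):
    """Return (reason, event) pairs for events that touch the report's IOCs."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:  # process create: compare image hashes
            hashes = parse_sysmon_hashes(ev.get("Hashes", ""))
            for algo, val in IOC_HASHES.items():
                if hashes.get(algo) == val:
                    hits.append((f"process image matches sample {algo}", ev))
                    break
        elif eid == 3:  # network connect: hostname first, port as corroboration
            host = ev.get("DestinationHostname", "").lower()
            if host == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
                hits.append(("outbound connection to Warzone C2 host:port", ev))
            elif host == C2_HOST:
                hits.append(("outbound connection to Warzone C2 host (other port)", ev))
        elif eid == 22:  # DNS query
            if ev.get("QueryName", "").lower().rstrip(".") == C2_HOST:
                hits.append(("DNS resolution of Warzone C2 host", ev))
    return hits


def winlogon_deviations(reg_export):
    """Parse a .reg export; return {value_name: [entries not in the stock default]}."""
    deviations = {}
    in_winlogon = False
    for line in reg_export.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_winlogon = line.lower().endswith(r"\currentversion\winlogon]")
            continue
        m = re.match(r'"(Shell|Userinit)"="(.*)"$', line)
        if in_winlogon and m:
            name, raw = m.group(1), m.group(2).replace("\\\\", "\\")  # undo .reg escaping
            entries = [e.strip() for e in raw.split(",") if e.strip()]
            expected = [e.lower() for e in WINLOGON_DEFAULTS[name]]
            extra = [e for e in entries if e.lower() not in expected]
            if extra:
                deviations[name] = extra
    return deviations


# Constructed Sysmon-like events (paths are invented; hashes/C2 are from the report).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Downloads\PCS TENDER PROFILE-20210920.exe",
     "Hashes": "SHA256=7C20AE59B3664ED8156619A16A1B7F5764F059CC7EBD3C77F3348CA7CD03340D,"
               "MD5=D1FE1AF58A4415D8CF2077859C54C890"},
    {"EventID": 22, "QueryName": "enginekeysmoney.ddns.net"},
    {"EventID": 3, "DestinationHostname": "enginekeysmoney.ddns.net", "DestinationPort": "9671"},
    {"EventID": 3, "DestinationHostname": "www.example.com", "DestinationPort": "443"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=00"},
]

# Constructed registry export with a second Userinit entry (the persistence pattern).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe"
"AutoRestartShell"=dword:00000001
'''

if __name__ == "__main__":
    for reason, ev in match_events(SAMPLE_EVENTS):
        print(f"[IOC] {reason}: {ev}")
    for name, extra in winlogon_deviations(SAMPLE_REG).items():
        print(f"[PERSISTENCE] Winlogon {name} has non-default entries: {extra}")
```

The C2 is a dynamic-DNS name, so pivot on the hostname and the file hashes rather than on whatever IP it resolved to during the sandbox run; a port-only match on 9671 is too weak to alert on by itself. Some endpoint products do legitimately add a Userinit entry, so treat a deviation as a lead to verify against the binary it points to rather than as proof of compromise.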