General
-
Target
Request For New Qoute - Ist Order.exe
-
Size
25KB
-
Sample
211013-lgjcbadffj
-
MD5
065ee8fa88089e6576aad4b66d1322f8
-
SHA1
fadd1d9044f51212fa81c9f3fe676915c1f99d42
-
SHA256
11f7307f314fccd2b1162443bb699d885f5e325b4b638a10997d98247463acfe
-
SHA512
facc63e88bda539b169bae754cb5644e3df07a12d52bcfab0ae441ce6f00ee834f251ea81502617a11bb0da59436e427729cf914e7ff953499286170e8567324
Static task
static1
Behavioral task
behavioral1
Sample
Request For New Qoute - Ist Order.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Request For New Qoute - Ist Order.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
enginekeysmoney.ddns.net:9671
Targets
Target
Request For New Qoute - Ist Order.exe
-
Modifies WinLogon for persistence
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-