General
Target: Purchase-Order3009837.exe
Size: 627KB
Sample: 211202-rrwy2scgd3
MD5: 18f78602b7f09501d5575809c5111d44
SHA1: bf4a38c98cd0f03f47e9dc989324c359bac2b701
SHA256: a38721cf393bceba06b9fc1b197906cff368fafd6b8b9884e7151b50c07633d0
SHA512: 5c388ec192239d90b8fbe0ab4c9b2b5c9660a7b981eb562e04458d68cbe2ffa4a342605a14c61c944caf2fd09da2b8a2ebd6c9c6996f16e2a2c5c2361ac07c70
Static task: static1
Behavioral task: behavioral1
Sample: Purchase-Order3009837.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: Purchase-Order3009837.exe
Resource: win10-en-20211014
Malware Config
Extracted
warzonerat
grekris.freeddns.org:3345
Targets
Target: Purchase-Order3009837.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext