General
Target
Doc_30710489927_019_00003_00000095.PDF.exe
Size
894KB
Sample
220222-sg4rksbcgp
MD5
7f6ab75be580b393be36e6f719a81160
SHA1
7f0868bbb588515f2e5736d4af50586200edf40d
SHA256
e62c0426c4787b0ac507f10bd9d3b6439dd8e5a3558bf6be2c2fbee698753d34
SHA512
d53eda31af74ec0fab6421c9d62bd525b5dcf11c97f73cdc052fc57a8c586d06ac4c2bce2e8d49306e5273b8da6af877fd09db467495e0211cec0110687f7a73
Static task
static1
Behavioral task
behavioral1
Sample
Doc_30710489927_019_00003_00000095.PDF.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Doc_30710489927_019_00003_00000095.PDF.exe
Resource
win10-en-20211208
Malware Config
Extracted
warzonerat
hafiznor336.duckdns.org:8593
Targets
Target
Doc_30710489927_019_00003_00000095.PDF.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext