General
Target: PO CMT201201-1 Profero.exe
Size: 882KB
Sample: 220224-vlhq1sdda2
MD5: e7487b6f4d54864954c5bb3f9194f6e0
SHA1: cb489d4820641d1f71a910b64ddb39fdbbc097e8
SHA256: a7f53b92008e8a3678035fc366bc1b88d152efc8466e9e82c754752d000a5ad5
SHA512: d2eab78afcdf08f663d4a35df8f953c7bc9bdb659b247fc051383f95fc9513d26408d2e4259ce1b0dead060789b89c03a8bd48b39c8c282b4295704758d383c9
Static task: static1
Behavioral task: behavioral1
Sample: PO CMT201201-1 Profero.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: PO CMT201201-1 Profero.exe
Resource: win10-20220223-en
Malware Config
Extracted
warzonerat
20.94.63.195:6488
Targets
Target: PO CMT201201-1 Profero.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Adds Run key to start application