General
-
Target
Quotation9011332.pdf.exe
-
Size
419KB
-
Sample
220406-fpmrtadfan
-
MD5
5016a372458c81a13e1adaa0baf5aa15
-
SHA1
5a491e0c563d0838d15bf3933b663cb10a285523
-
SHA256
0bb09b028f6802d5f9a967dd0a51f89f3b8fb939315abad0706c22e21651e376
-
SHA512
80025833be31737ee86b365563c7d33931a128ec6f09d2153ecf77aa17c2de9402c2538e631589e5f8c0eac916a84b027b351ee55d2e1b522bd27926cf5d4e7e
Static task
static1
Behavioral task
behavioral1
Sample
Quotation9011332.pdf.exe
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
Quotation9011332.pdf.exe
Resource
win10-20220310-en
Malware Config
Extracted
warzonerat
185.183.98.169:20911
Targets
Target
Quotation9011332.pdf.exe
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Suspicious use of SetThreadContext
-