General
Target
ordine_STAR_PROGETTI.exe
Size
241KB
Sample
220420-d9y98segfm
MD5
2ad05669a7a7b2ba56716f27878a7580
SHA1
8c8db0f237dd4dca94ea79c4f94616fb2d234e82
SHA256
0fa46517fa64c2d4aab6c75f3bdb210f1736947b81a4ff6b934085af88be129e
SHA512
b651a948b0e750afc40942743c22473ab30a47533cd3a21bed334f13da5a666414154fb5382d3b47bfe78a350d6068c620ada89fba5d490d65030392c0bedabc
Static task
static1
Behavioral task
behavioral1
Sample
ordine_STAR_PROGETTI.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
ordine_STAR_PROGETTI.exe
Resource
win10-20220414-en
Malware Config
Extracted
warzonerat
2.56.57.181:56789
Targets
Target
ordine_STAR_PROGETTI.exe
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext