General
Target: 4767c646c40f6ceace8139de145a631a308ae5c3fe3f2868bd36477009920446
Size: 1015KB
Sample: 220521-n292waeed4
MD5: 4616f486e2142fb7488719f2e132edaf
SHA1: 7af4f630c22437e06229999575c6dc620c5f0adc
SHA256: 4767c646c40f6ceace8139de145a631a308ae5c3fe3f2868bd36477009920446
SHA512: 0ce701ca1450276b862ef0bc5d2eb0e44107a4617c18bbc840310f89b35f88d215a2f1fd01c830019bfe9ab636040a20c0cf6c551f134bff2c78ba4d5626b5f0
Static task: static1
Behavioral task: behavioral1
  Sample: ISF form == 20030316 M#EGLV003090032432.scr
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: ISF form == 20030316 M#EGLV003090032432.scr
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: Invoice & Packing list EGLV003090032432.scr
  Resource: win7-20220414-en
Behavioral task: behavioral4
  Sample: Invoice & Packing list EGLV003090032432.scr
  Resource: win10v2004-20220414-en
Behavioral task: behavioral5
  Sample: VGM ==#EGLV003090032432.scr
  Resource: win7-20220414-en
Behavioral task: behavioral6
  Sample: VGM ==#EGLV003090032432.scr
  Resource: win10v2004-20220414-en
Malware Config
Targets

Target: ISF form == 20030316 M#EGLV003090032432.scr
Size: 584KB
MD5: 7de6d9395aafb8bd1720692f8c3e8397
SHA1: b46eb569d352fe5dc0cc5c3f67fe6474a09a514f
SHA256: 5cd183da8ceb32dfce5219ece25684d9eb1624ca8e0ec30e374219732944c8e5
SHA512: 46433ffdb7c7d31518e5030e40cfb5045878e0e11f57458c3316eb1ccafaec31297c0bb5836fa1f1ab151fa690bb8d8a72fcfb5c063425a594c1b2914ce32b08
Score: 10/10
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: Invoice & Packing list EGLV003090032432.scr
Size: 571KB
MD5: 165255e7fef985bb6a76cdd5dc0f3efe
SHA1: 4d4f455814cb607ae530fa589c6d1d3ed9e4173d
SHA256: 3266b45cbefcbd64ebc0b8e2a120a98e5fd72b94135c33a2f36aa510d9dbc207
SHA512: 10bfa4823ab3207b6a2ee0f9ddc0163ae7f5ebf12bf8589a9c2c72c59b31426b31699baacbf0b57ea4aeea897e8bf28cb9c3ffc4863b2c0ebba2e64ce636f818
Score: 10/10
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: VGM ==#EGLV003090032432.scr
Size: 566KB
MD5: 513f868cd3e85eaab2a9264a3060a63a
SHA1: d0e6de28c03de8249877b745c459d0335e67dbe5
SHA256: 6fd7ef78c4314252a4e7360e1d93222f3812333f4fc7148c0c6dc9da8c122b7e
SHA512: 910048913ba4bf5fbc814642510e66cd6b5511052eae91ac21b24d25550fa7ca2b877a989c24785fe7cf00868d5f136438ce75873ba9239ecdb83153b5698eba
Score: 10/10
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
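The report above gives four hashed artifacts (the submitted archive and the three dropped .scr payloads) that all reuse the same shipment number, EGLV003090032432, in a document-themed filename with an executable extension (.scr is a screensaver extension, but such files are ordinary PE executables). The following is an added sweep script, not part of the report or of any sandbox vendor's tooling: it hashes every file under a directory, matches the digests against the MD5/SHA1/SHA256 values listed in the report, and separately flags .scr files whose names use the lure vocabulary seen here. The directory argument, the `looks_like_lure` name heuristic, and the lure word list are assumptions for illustration; the hashes are copied verbatim from the report.

```python
"""Sweep a directory for the artifacts listed in this sandbox report.

Added example; the hash values are the ones the report lists, the filename
heuristic and the scan root are assumptions made here for illustration.
"""
import hashlib
import os
import re
import sys
from typing import Dict, List

ALGOS = ("md5", "sha1", "sha256")

# Digest -> label, copied from the report. Digest lengths differ per
# algorithm, so one flat lookup table is collision-free across algorithms.
REPORT_IOCS: Dict[str, str] = {
    # Submitted archive (1015KB)
    "4616f486e2142fb7488719f2e132edaf": "archive",
    "7af4f630c22437e06229999575c6dc620c5f0adc": "archive",
    "4767c646c40f6ceace8139de145a631a308ae5c3fe3f2868bd36477009920446": "archive",
    # ISF form == 20030316 M#EGLV003090032432.scr (584KB)
    "7de6d9395aafb8bd1720692f8c3e8397": "ISF form .scr",
    "b46eb569d352fe5dc0cc5c3f67fe6474a09a514f": "ISF form .scr",
    "5cd183da8ceb32dfce5219ece25684d9eb1624ca8e0ec30e374219732944c8e5": "ISF form .scr",
    # Invoice & Packing list EGLV003090032432.scr (571KB), WarzoneRat/AveMaria
    "165255e7fef985bb6a76cdd5dc0f3efe": "Invoice & Packing list .scr (WarzoneRat)",
    "4d4f455814cb607ae530fa589c6d1d3ed9e4173d": "Invoice & Packing list .scr (WarzoneRat)",
    "3266b45cbefcbd64ebc0b8e2a120a98e5fd72b94135c33a2f36aa510d9dbc207": "Invoice & Packing list .scr (WarzoneRat)",
    # VGM ==#EGLV003090032432.scr (566KB)
    "513f868cd3e85eaab2a9264a3060a63a": "VGM .scr",
    "d0e6de28c03de8249877b745c459d0335e67dbe5": "VGM .scr",
    "6fd7ef78c4314252a4e7360e1d93222f3812333f4fc7148c0c6dc9da8c122b7e": "VGM .scr",
}

# Assumed heuristic: document words used by this campaign's lure names.
LURE_WORDS = re.compile(r"invoice|packing|isf form|vgm", re.IGNORECASE)
SHIPMENT_NUMBER = "EGLV003090032432"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute MD5/SHA1/SHA256 of an in-memory blob (used for small inputs and tests)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all three hashers at once so large files are read only once."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests: Dict[str, str]) -> List[str]:
    """Return the report labels whose hashes equal any supplied digest (deduplicated)."""
    hits: List[str] = []
    for value in digests.values():
        label = REPORT_IOCS.get(value.lower())
        if label and label not in hits:
            hits.append(label)
    return hits


def looks_like_lure(filename: str) -> bool:
    """Flag .scr files whose names mimic shipping documents (heuristic, see lead-in)."""
    base = os.path.basename(filename)
    if not base.lower().endswith(".scr"):
        return False
    return SHIPMENT_NUMBER in base or LURE_WORDS.search(base) is not None


def sweep(root: str) -> List[dict]:
    """Walk `root`, returning one finding per file that matches a hash or the name heuristic."""
    findings: List[dict] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or vanished file; skip rather than abort the sweep
            hits = match_iocs(digests)
            lure = looks_like_lure(name)
            if hits or lure:
                findings.append({"path": path, "sha256": digests["sha256"],
                                 "ioc_hits": hits, "lure_name": lure})
    return findings


if __name__ == "__main__":
    for finding in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it as `python sweep.py <directory>`. A hash hit is a confirmed match against this report; a `lure_name` hit without a hash hit is only a naming heuristic and should be triaged by submitting the file to a sandbox rather than treated as a detection.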