General
Target
f2b3165eb4622865b540b23e6dc5300222d402140266d8263bf2c6fbfb4b9e9f
Size
114KB
Sample
220521-ntssmahcan
MD5
03ed5eb215ccc186544bd087a00fbfd3
SHA1
b11cf6d99a121837423bee44ee8a86b569a303a9
SHA256
f2b3165eb4622865b540b23e6dc5300222d402140266d8263bf2c6fbfb4b9e9f
SHA512
61f42c09e1c444a69b77482e732d9693c5d551f7c7a917a6095404d228047983ec6cbed99b89868f2e3295cf5648f53c2b5681262601bf7a64ba451afa03922b
Static task
static1
Behavioral task
behavioral1
Sample
PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
warzonerat
caebd.ddns.net:8822
Targets
Target
PO45351SBY SP-SENSOR MARS INDONESIAMAKASSAR,pdf.exe
Size
320KB
MD5
aa8450e7c87d140e427ba011cdeb3348
SHA1
6b705fc36699a0c670251a787a1ba474ddc677fa
SHA256
fa925870975e7c53ec50032872d0c8f7aa23d7832658def21887419f288cbd18
SHA512
cc7960501dfe33cb61ff822e3b7815da56916642d0256afa829a2e6f9886738c0033c1d277e407438c24d934593fe17df0347188be7144f10962a8d0a25a8053
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Suspicious use of SetThreadContext