General
Target: 477c82fa08ceb2dce2650cb7e0060d5884da7c230bbb2e05c69968eca288441f
Size: 288KB
Sample: 220521-pb4ylsabhl
MD5: 4ac2c8a989aa7b9526484760ebed4515
SHA1: 293f4de752af73811c8ce2d5d3a9a832028c47a5
SHA256: 477c82fa08ceb2dce2650cb7e0060d5884da7c230bbb2e05c69968eca288441f
SHA512: 871feebc41ded2f0833d4d6687e0296a60b9f821b1e88a77d20882d87a7d457c09ee0ecd36ee11b04a63443d5a59de163715bf57e330e5b4dd1b89b9a9e2de58
Static task: static1
Behavioral task: behavioral1
Sample: Bank_Swift_EUR32XXXX.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Bank_Swift_EUR32XXXX.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
warzonerat
185.215.151.139:2104
Targets
Target: Bank_Swift_EUR32XXXX.exe
Size: 323KB
MD5: 032e2f187bfeef42d9805eddcb9deaab
SHA1: 8fb8908f4eabcaa59cb9a0da00c127ea55ae52df
SHA256: 2248af8172666d8874da1df1fc121c29520571361c6aab67e9b156c072531d90
SHA512: 7c026b742e9c556c1578fbea610503934eb83ea0d585ed1ae89ffc2030e6e1ffbc7d35dc40a25f849877654176751a96190af03c803114a754a158ffd9025d91
Score: 10/10

CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as MaaS.

CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.

Warzone RAT Payload

Suspicious use of SetThreadContext