General
-
Target
47fa3d12bbf90ed2c61bf71b5b6c84b78357635377654602b39d1452a297ea7b
-
Size
384KB
-
Sample
220521-pxhx9sbdbm
-
MD5
25efcdf98be2c0a9129de8da1ae55690
-
SHA1
870e71028a7f273eead1a4e31b4b7a6ddfc1116d
-
SHA256
47fa3d12bbf90ed2c61bf71b5b6c84b78357635377654602b39d1452a297ea7b
-
SHA512
c96f00d5049ddc88f1b6f8a956e0c1548de3ff1478cbe7ac51df6d1bcd65fcd531196b47b4f1c515ed8e7829a5212ed85307df37d8b814a9cca0a660874bd2a9
Static task
static1
Behavioral task
behavioral1
Sample
Quotation Request_20202605_20202605_20202605PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Quotation Request_20202605_20202605_20202605PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
warzonerat
45.137.22.143:5200
Targets
-
-
Target
Quotation Request_20202605_20202605_20202605PDF.exe
-
Size
531KB
-
MD5
b1482e23bdf72a41744c093fbb8240c1
-
SHA1
158c3f82a524da53d69047a6ea5768ed17fa6fbc
-
SHA256
9eb63d2c299e7faae7179f56ea8b4c962270a9def733cad4839955d638ac7d00
-
SHA512
b3f110b3c05168eb734d0250502522ed1c7daab2ec50c705ab90d56d542d5fe285c348a14baa1e3370eb393f8d195138ed654b2356a8aa0a28557f5988fa61a6
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-