General
Target: 8fc330b75eb3ab1f09832acec6354d22
Size: 638KB
Sample: 220802-zflb6sccbp
MD5: 8fc330b75eb3ab1f09832acec6354d22
SHA1: d8925a4d1492da1812410e78d2f475cf63c54d45
SHA256: 6a7e30b0b06fede9fe359ac41d1dfeec965e3a82074ace3c50855ec0a7ad6b62
SHA512: 711266acd8187524f658fe319fc7526148b8d7158e0a8606d9f9308e565dd01e937e1c3f26cd65c878e8e29328a6ae72af1ffaa4b45f85c76e26fd619f180d86
Static task: static1
Behavioral task: behavioral1
  Sample: PO-495883.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: PO-495883.exe
  Resource: win10v2004-20220721-en
Malware Config
Extracted: warzonerat
  172.93.165.166:5200
Targets
Target: PO-495883.exe
Size: 797KB
MD5: b5950c57864a66b92295b15ab6bab4c8
SHA1: 1b41aa33af12da022df703ac2ff3a4da25ab1099
SHA256: 15e443d0845a4ad84fb9480596cc5949ce2f3a709bdc56ac4a77c031fb1aa8e7
SHA512: dd738d0e76137553a1b87a94c0629f549cdb363ef15eb50bbf6034ce57a4a6343c50db08469fc13e39f210511e19cb9416f1a5ab91d495bc6645076b93126f37
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- ModiLoader Second Stage
- Warzone RAT payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext