General
Target: New order requirements.exe
Size: 626KB
Sample: 220804-hfsyksdacl
MD5: 6f2bff637bc69d5a8fd1c290a41476a5
SHA1: a66db66c7eb34acbd228f62b45f5d6ba7eab70f2
SHA256: 88feac36d272543567fa2c4a9a055bc5d875c0bd3e6e2245f6c06fdb42c4cf59
SHA512: b185ee83abad546a4d7d2b9291b5d28c527c377d428df27e1cede065e3e87ad8bbeab0580b0e17235db2c8ab7c6a4f2ace8578b1f062077b0f9fa19b7c0858c5

Static task: static1

Behavioral task: behavioral1
Sample: New order requirements.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: New order requirements.exe
Resource: win10v2004-20220722-en

Malware Config
Extracted: warzonerat
172.93.165.201:5200
Targets
Target: New order requirements.exe
Size: 626KB
MD5: 6f2bff637bc69d5a8fd1c290a41476a5
SHA1: a66db66c7eb34acbd228f62b45f5d6ba7eab70f2
SHA256: 88feac36d272543567fa2c4a9a055bc5d875c0bd3e6e2245f6c06fdb42c4cf59
SHA512: b185ee83abad546a4d7d2b9291b5d28c527c377d428df27e1cede065e3e87ad8bbeab0580b0e17235db2c8ab7c6a4f2ace8578b1f062077b0f9fa19b7c0858c5

- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext