General
Target: 25e9a8ee4b351fae666fef02c717e49933b1ac834862fb1555585eec7d229b78
Size: 909KB
Sample: 220804-l8hj4aegep
MD5: ebf9cc0cd95f6fe63b1eeac109012fa6
SHA1: 8d977b4c50f5770ed284891fa540b8b7eee9d7cd
SHA256: 25e9a8ee4b351fae666fef02c717e49933b1ac834862fb1555585eec7d229b78
SHA512: 00ed1a5847cba39ea0637bd9f9aa40ad584155ea7ce7202b20baff1a7062aca2699575976e2cee0d363c5323a241de6080494d112951f4bca8e8a76b6f07c10a
Static task: static1
Behavioral task: behavioral1
Sample: 25e9a8ee4b351fae666fef02c717e49933b1ac834862fb1555585eec7d229b78.exe
Resource: win7-20220715-en
Behavioral task: behavioral2
Sample: 25e9a8ee4b351fae666fef02c717e49933b1ac834862fb1555585eec7d229b78.exe
Resource: win10v2004-20220721-en
Malware Config
Extracted
warzonerat
20.91.187.223:5707
Targets
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

ModiLoader Second Stage
Warzone RAT payload
Adds Run key to start application