General
- Target: d4524578f847aa9ad266a19ff4d9fe4ab80224d9ba442cd49bae2f0cd12edfeb
- Size: 986KB
- Sample: 220805-lrmgqaagdk
- MD5: 477f8b0e11224d931189158718f70987
- SHA1: 9c89d64a652f478f9c4970549e29654b3239597b
- SHA256: d4524578f847aa9ad266a19ff4d9fe4ab80224d9ba442cd49bae2f0cd12edfeb
- SHA512: c096ac165d866b6af7e6e3defe0b40eb9aa5fdb7afb19ce61ff0b44f6916863c8c3ac10224684235bef49c6b2cd4b0189ccd57f492a8820ca43adf2eebbd9c2a
Static task: static1
Behavioral task: behavioral1
- Sample: d4524578f847aa9ad266a19ff4d9fe4ab80224d9ba442cd49bae2f0cd12edfeb.exe
- Resource: win7-20220715-en
Behavioral task: behavioral2
- Sample: d4524578f847aa9ad266a19ff4d9fe4ab80224d9ba442cd49bae2f0cd12edfeb.exe
- Resource: win10v2004-20220721-en
Malware Config
- Extracted: warzonerat
- 0b3c.duckdns.org:1159
Targets
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- ModiLoader Second Stage
- Warzone RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application