General
-
Target
#PO2793783774-02-2022-LARGE-REQUEST.exe
-
Size
20KB
-
Sample
221024-y14tksadd2
-
MD5
8515f3140d37da59a31c4a7ebcb3f461
-
SHA1
c58dc3f1934aca3250867f094c2c4c3e9bad33a3
-
SHA256
12813ac736f7f3b6412fc58ddf53e3ed703249e47368fab3826c3e10e6f4ba50
-
SHA512
940c779b242de715a7a669ee877206f0e0f4cda58ad4297a9f532a775dfcb7aaafe5c0d98d4a84b88854daf0b226480959b4dc221188db659f38495b07a21c87
-
SSDEEP
384:Ola8QLmOL5sG7Rgok0W5UbW6KbF/FzUY:Aa8QyYsbWbW6KF/xUY
Malware Config
Extracted
warzonerat
bigmoney2020.ath.cx:4301
Targets
-
-
Target
#PO2793783774-02-2022-LARGE-REQUEST.exe
-
Size
20KB
-
MD5
8515f3140d37da59a31c4a7ebcb3f461
-
SHA1
c58dc3f1934aca3250867f094c2c4c3e9bad33a3
-
SHA256
12813ac736f7f3b6412fc58ddf53e3ed703249e47368fab3826c3e10e6f4ba50
-
SHA512
940c779b242de715a7a669ee877206f0e0f4cda58ad4297a9f532a775dfcb7aaafe5c0d98d4a84b88854daf0b226480959b4dc221188db659f38495b07a21c87
-
SSDEEP
384:Ola8QLmOL5sG7Rgok0W5UbW6KbF/FzUY:Aa8QyYsbWbW6KF/xUY
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
joker
Joker is an Android malware that targets billing and SMS fraud.
-
Warzone RAT payload
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-