General
-
Target
#PO47947488-02-2022-BUY-REQUEST.exe
-
Size
17KB
-
Sample
221031-ntewrsagh6
-
MD5
932c6c73b43ea277f8038fcac487fece
-
SHA1
b151a024d9e78adca105c627ae53fd3343ef4469
-
SHA256
e25681e1fa9f84e578c0c54c9283bb819074fe45b3551e549363c1112cfa3fc4
-
SHA512
7db205d0435206cef2a324fa90e5de21db1d240367e9ab31fe7e91f5a20210135a06d10c51b62ca7197377abf17fcfc846d7d1de0f6b4ef91812cbff6cb2142c
-
SSDEEP
384:g1zC9ECor5d6ARZN/5oL3u6cBKHmrnMff3eE5Qf4:3orHgmrMX3ek
Malware Config
Extracted
warzonerat
bigmoney2020.ath.cx:4301
Targets
-
-
Target
#PO47947488-02-2022-BUY-REQUEST.exe
-
Size
17KB
-
MD5
932c6c73b43ea277f8038fcac487fece
-
SHA1
b151a024d9e78adca105c627ae53fd3343ef4469
-
SHA256
e25681e1fa9f84e578c0c54c9283bb819074fe45b3551e549363c1112cfa3fc4
-
SHA512
7db205d0435206cef2a324fa90e5de21db1d240367e9ab31fe7e91f5a20210135a06d10c51b62ca7197377abf17fcfc846d7d1de0f6b4ef91812cbff6cb2142c
-
SSDEEP
384:g1zC9ECor5d6ARZN/5oL3u6cBKHmrnMff3eE5Qf4:3orHgmrMX3ek
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
joker
Joker is an Android malware that targets billing and SMS fraud.
-
Warzone RAT payload
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-