General
Target: Tender Enquiry Ref TE-004717.cab
Size: 398KB
Sample: 221122-1fqgkadd7w
MD5: 09386f9b5221fec64b3749926be55895
SHA1: 849b1893cb07e9a79ec7711462b08d52859bf6fe
SHA256: 1d51b43253d41585e396206ef45b4bd0c30ca084c873b0407b65e5fa388ad6b2
SHA512: ad09a694a3c7024ac90ab210f01a5e369242e463ccead798a3b5ee67a0d542b859f0e0843290def9408ecdf36c4826d5213e8d1a48a04ce6deec62a756b3160e
SSDEEP: 12288:AGlrj45iiSBkaaUjcU+y+AbDNr0ACuzEL4sHQQHjd6mtjXk:AGr85Tkf+KbDFFCuzQ4sHQaj5Q
Static task: static1
Behavioral task: behavioral1
Sample: Tender Enquiry Ref TE-004717.exe
Resource: win10v2004-20220812-ja
Malware Config
Extracted
warzonerat
untyaru.casacam.net:2301
Targets
Target: Tender Enquiry Ref TE-004717.exe
Size: 639KB
MD5: b6190fd990de2a286986baee1ead5d87
SHA1: d4b84ca930f35a5756f0e988a1a681e8d1f51b8c
SHA256: 28b7b46f61a94073b0d77b148830eabfcec7345aa69d0cb0a48d5752c82720dd
SHA512: 080c36069750c563d6ac723261dc7d000aeb60be196b329b89a7e22d2e18fd9d137d2af5bc666c5764ca362bcbeb72f2ce035eae659461085e5435b1f964a541
SSDEEP: 6144:FO/mQZlDu/7fluu4/qxAKv3zKTRR3kKWxrz60LJC22CCJj2LzG1k+xra6W4wrd6w:GI2AW/R3KtaOvGvweT8wudA
Score: 10/10

Modifies WinLogon for persistence

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as MaaS.

Warzone RAT payload

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Suspicious use of SetThreadContext