General
-
Target
ADLINK-TECH PO#2220002637.exe
-
Size
70KB
-
Sample
221122-en3k7shg75
-
MD5
6de81641b2c6a47f647aa00c23df24e1
-
SHA1
53b0798111703410bf26a8648e1db8ef83212627
-
SHA256
432b58d99b8a2532e92fd36a745c952562a56223a458f4fb444685cfc8706250
-
SHA512
e54bfd45b540d280e4e7a1efec15d8a9686151991417bb2a7d78355215a2b1c04087f3ec5462ea0074c836d5f1679db9f4eee3fcd11f420835b8104e894e6324
-
SSDEEP
768:mAhYp0rnxX2aLY2ZDWo472H8Ekol/d3eJG53G73my86iCgkozMB20:WQxX2kY2N472d3eJG53G73mxdvdIv
Static task
static1
Behavioral task
behavioral1
Sample
ADLINK-TECH PO#2220002637.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ADLINK-TECH PO#2220002637.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
warzonerat
just-fax207.home-webserver.de:41142
Targets
-
-
Target
ADLINK-TECH PO#2220002637.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Drops startup file
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-