General
Target: Order confirmation reference no. FXEPS62022.exe
Size: 662KB
Sample: 221122-h4p7ladg44
MD5: 143bcb812ed5583a70d2a5c425ed0b81
SHA1: 09f4a1032067ec2c4c12206b67f4348fa8fc8432
SHA256: 0154435a9ca1ab793fb98c95b9fc1cef9b64cb6e54e7b0af6cc358018476ee11
SHA512: 0f7c552d17e9e0e6a9cacffaa9492d21e651e34ab80b52dc397b96827030fb9a64bd00ff791b6a4b722b3d82f8faa4797d0b225cbb0781f18adf974888935383
SSDEEP: 12288:xDjeLlJcFNDJJCTbtCkQHvGMJfGb8/4OQk5dHj8h:xDiT6pyJmGMJfGw/LQk38h
Static task: static1
Behavioral task: behavioral1
  Sample: Order confirmation reference no. FXEPS62022.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: Order confirmation reference no. FXEPS62022.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted (warzonerat): bestsuccess.ddns.net:2442
Targets
Target: Order confirmation reference no. FXEPS62022.exe
- ModiLoader, DBatLoader: ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- ModiLoader Second Stage
- Warzone RAT payload
- Adds Run key to start application
- Suspicious use of SetThreadContext