General
-
Target
arajanlat·pdf.exe
-
Size
592KB
-
Sample
221128-nmp36aae74
-
MD5
51f738511b4f0c749304b39bc68aaf36
-
SHA1
72a3cb0cc1ebf50b0325f53dcebe92b440b28f6c
-
SHA256
13221e70924c7c7eed105646282d0ace162ad1abc1e613219046fe131feb7818
-
SHA512
b64e325859f447f65f168546ccddbaf55fcac9fdc84bae0f8dc88037706ba0390ce072ea9b7159f4dbd932bfd008c8bc11db26b771624e7ee6063af8b68cf601
-
SSDEEP
12288:Iy5d/Jtp+LpXIhPE6AdmID8zxa3q1XZqslMM:IynBtALih86AdN8QkMM
Static task
static1
Behavioral task
behavioral1
Sample
arajanlat·pdf.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
arajanlat·pdf.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
arajanlat·pdf.exe
-
Size
592KB
-
MD5
51f738511b4f0c749304b39bc68aaf36
-
SHA1
72a3cb0cc1ebf50b0325f53dcebe92b440b28f6c
-
SHA256
13221e70924c7c7eed105646282d0ace162ad1abc1e613219046fe131feb7818
-
SHA512
b64e325859f447f65f168546ccddbaf55fcac9fdc84bae0f8dc88037706ba0390ce072ea9b7159f4dbd932bfd008c8bc11db26b771624e7ee6063af8b68cf601
-
SSDEEP
12288:Iy5d/Jtp+LpXIhPE6AdmID8zxa3q1XZqslMM:IynBtALih86AdN8QkMM
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-