Resubmissions
29-11-2022 08:08
221129-j12xnabb58 10General
-
Target
satınalma siparişi 2310190.exe
-
Size
400.0MB
-
Sample
221129-j12xnabb58
-
MD5
b9c62ad26109e6399a35b356b617f9bf
-
SHA1
6a072c9b3ed98f1de2d78507243ec92a0f54bcb1
-
SHA256
5017e949a8d2d34130e294840a09efaf5e2798f86a57d6d34e5f512fe9ae4daf
-
SHA512
3d6904a769ed9c1de2728082759773d26bf6767cf4c8e1b04f39364cbf11f2d34ab8bea17fc48ce23480d8e2b3e4c6a8c2956097321bd86b7260c759294aadb5
-
SSDEEP
384:IaRWJcgLYn79k8/mf7E++ptYcFmVc03K9t:UckU79k8mTKtYcFmVc6Kf
Static task
static1
Behavioral task
behavioral1
Sample
satınalma siparişi 2310190.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
satınalma siparişi 2310190.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
satınalma siparişi 2310190.exe
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-