General
-
Target
Bestellbestatigung·pdf.exe
-
Size
889KB
-
Sample
221129-kxqkwsgg9v
-
MD5
eea21fab4d6a50bf1d1a6b9b065bee67
-
SHA1
450f3e1bc224fcdd61408b2cc6b542970a372e48
-
SHA256
c3a58b2823cbb861f4bbb350cfffc4fc39875f38ad6af221def83031eef1e0e3
-
SHA512
f4b9aa4e2561d0df2f6a4515cb6fb778b64c75f8b4d669fbc001374cd42a2c47e70ffe43d3ee9578e354d261cf08967a76852bec1f893468adbaf611a4d3b322
-
SSDEEP
12288:4NYjqU+2hrEDvczJ44s3o8GkvbkZM0hJrH5wd2g2V6qT5uDdzoa1cfN:4YxrOczq4xYvQW0nidb2VPT5uDdEPf
Malware Config
Targets
-
-
Target
Bestellbestatigung·pdf.exe
-
Size
889KB
-
MD5
eea21fab4d6a50bf1d1a6b9b065bee67
-
SHA1
450f3e1bc224fcdd61408b2cc6b542970a372e48
-
SHA256
c3a58b2823cbb861f4bbb350cfffc4fc39875f38ad6af221def83031eef1e0e3
-
SHA512
f4b9aa4e2561d0df2f6a4515cb6fb778b64c75f8b4d669fbc001374cd42a2c47e70ffe43d3ee9578e354d261cf08967a76852bec1f893468adbaf611a4d3b322
-
SSDEEP
12288:4NYjqU+2hrEDvczJ44s3o8GkvbkZM0hJrH5wd2g2V6qT5uDdzoa1cfN:4YxrOczq4xYvQW0nidb2VPT5uDdEPf
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-