General
-
Target
D003_SB_BANK_TRANSFER_cat_PDF.exe
-
Size
1.1MB
-
Sample
221129-tzwz5aeh25
-
MD5
73cab1de21ef9fa9582fbd6b2bfcb4ef
-
SHA1
3113300bbccc785633ae4c6ef335ca863e5343f1
-
SHA256
11be3c747c6db512365f1baf2214550ab8820c4bf291beadf516c96e617adc19
-
SHA512
834b37ce697c32eef3fcaba5e10c591c3bf6c5c5ef640b40c47aff19284633a88100f60e9ad7fb319d5d2b45cf33fd8f27f7c89169443c20f5f05ec5abd209e3
-
SSDEEP
12288:oqhd37c0yDW1MPTBiLHJM9UsIF/OCX9MGjKA4IjoOt5UJaMBlxZhw+wT6TZWR:oqhdrc0yLT81M9UsIFjNvF/joaGJamW
Malware Config
Extracted
warzonerat
152.67.253.163:5300
Targets
-
-
Target
D003_SB_BANK_TRANSFER_cat_PDF.exe
-
Size
1.1MB
-
MD5
73cab1de21ef9fa9582fbd6b2bfcb4ef
-
SHA1
3113300bbccc785633ae4c6ef335ca863e5343f1
-
SHA256
11be3c747c6db512365f1baf2214550ab8820c4bf291beadf516c96e617adc19
-
SHA512
834b37ce697c32eef3fcaba5e10c591c3bf6c5c5ef640b40c47aff19284633a88100f60e9ad7fb319d5d2b45cf33fd8f27f7c89169443c20f5f05ec5abd209e3
-
SSDEEP
12288:oqhd37c0yDW1MPTBiLHJM9UsIF/OCX9MGjKA4IjoOt5UJaMBlxZhw+wT6TZWR:oqhdrc0yLT81M9UsIFjNvF/joaGJamW
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-