General
Target: Izvod broj 76 ra?una 160-0000000471177-29·pdf.exe
Size: 628KB
Sample: 221205-ld7kqsah61
MD5: b6db2555a517738e8b36562c90d0abe6
SHA1: 4ca042e5a79eaf3a95bb6aff7fd749c8483b9aea
SHA256: 2ce431fd24a816b14cf7bc9110b959addbe592c8994c7cc8f5b83b8b836ccd93
SHA512: 028277ffbc9af45c34cb345a8551cd590f50f8d3c127c380b6e282a01742605be9df7ed3af814cde811d4a9a4dce3fb8592cf4faafe2a803a3aae2fe5fb47256
SSDEEP: 12288:FPuYd+V6b1momPZeftQ68cf32IZI8tjDw7ACYmz/:FPuYd+V6bIomxit2iIuQ7ACY
Static task: static1
Behavioral task: behavioral1
Sample: Izvod broj 76 ra?una 160-0000000471177-29·pdf.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Izvod broj 76 ra?una 160-0000000471177-29·pdf.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
warzonerat
bryandatabase.duckdns.org:46564
Targets
Score: 10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Warzone RAT payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext