General

Target: Kopija prijenosa plaćanjaBohm d.o.o·pdf.exe (Croatian lure name, "Copy of payment transfer, Bohm d.o.o"; the real extension is .exe, the ".pdf" is part of the disguise)
Size: 703KB
Sample: 221205-ld7kqsah6z
MD5: 224276b92f42bd2f29a64adfd7c4377b
SHA1: 374a33fd32bc2139c06973ec36ad302ca74f9eac
SHA256: 66bfee7c40de7f8f6e9d20b337fc22d9eec1a5a1764d3b29c26639ebdeeddc71
SHA512: f8a9b5819884a9988739a2e93972fcf16f4b615a3020503f47cf2ee9eb1261a42267902fec0ef1418d186ef68df1d3822ec8979e0c43fc51b8ca59392cc680aa
SSDEEP: 12288:lPuYd+V6b1momPZefNrInBocHPup1vTfPRgEUQXMXu5qcioLuBomBqQe:lPuYd+V6bIomxiNMecHPupBTHRTUQXMW
Static task: static1

Behavioral task: behavioral1
  Sample: Kopija prijenosa plaćanjaBohm d.o.o·pdf.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: Kopija prijenosa plaćanjaBohm d.o.o·pdf.exe
  Resource: win10v2004-20220812-en
Malware Config

Extracted family: warzonerat
C2 (host:port): bryandatabase.duckdns.org:46564
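The indicators above (the DuckDNS C2 host and port, and the sample hashes) are what a responder would sweep for first. The following is an added example, not part of the sandbox report: a small hunt script that checks constructed DNS and flow log lines for the extracted C2, and compares an arbitrary file's hashes against the report's MD5/SHA256. The log formats (`timestamp client query A host`, `timestamp src -> dst proto`) and all log lines are made up for illustration; only the host, port and hashes come from the report. Because DuckDNS names resolve to changing IPs, the DNS query is the durable indicator; a destination-port match alone is a weak pivot and is only reported so it can be correlated with a DNS hit from the same client.

```python
"""Hunt for the WarzoneRat IOCs from the report in local evidence.

Added example; the log lines and their formats are constructed, not from the report.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Indicators taken from the report (extracted config and sample hashes).
C2_HOST = "bryandatabase.duckdns.org"
C2_PORT = 46564
SAMPLE_MD5 = "224276b92f42bd2f29a64adfd7c4377b"
SAMPLE_SHA256 = "66bfee7c40de7f8f6e9d20b337fc22d9eec1a5a1764d3b29c26639ebdeeddc71"

# Constructed DNS resolver log: "<timestamp> <client> query <type> <name>".
DNS_LOG = """\
2022-12-05T09:14:02Z 10.0.0.21 query A bryandatabase.duckdns.org
2022-12-05T09:14:03Z 10.0.0.22 query A login.microsoftonline.com
2022-12-05T09:15:40Z 10.0.0.21 query A BryanDatabase.DuckDNS.org.
"""

# Constructed flow log: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>".
FLOW_LOG = """\
2022-12-05T09:14:04Z 10.0.0.21:51234 -> 203.0.113.5:46564 tcp
2022-12-05T09:14:05Z 10.0.0.22:51235 -> 198.51.100.9:443 tcp
"""


@dataclass
class Hit:
    source: str   # "dns" or "flow"
    client: str   # internal host that produced the event
    line: str
    reason: str


def hunt_dns(text: str) -> List[Hit]:
    """Flag queries for the C2 name (case-insensitive, trailing dot tolerated)."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[4].rstrip(".").lower() == C2_HOST:
            hits.append(Hit("dns", parts[1], line, f"query for C2 host {C2_HOST}"))
    return hits


_FLOW_RE = re.compile(r"^\S+ (\S+):\d+ -> \S+:(\d+) ")


def hunt_flows(text: str) -> List[Hit]:
    """Flag connections to the C2 port. Weak on its own: the DuckDNS IP changes,
    so this is meant to be correlated with a DNS hit from the same client."""
    hits = []
    for line in text.splitlines():
        m = _FLOW_RE.match(line)
        if m and int(m.group(2)) == C2_PORT:
            hits.append(Hit("flow", m.group(1), line, f"connection to C2 port {C2_PORT}"))
    return hits


def correlated_clients(dns_hits: List[Hit], flow_hits: List[Hit]) -> List[str]:
    """Clients that both resolved the C2 name and connected to the C2 port."""
    dns_clients = {h.client for h in dns_hits}
    return sorted({h.client for h in flow_hits if h.client in dns_clients})


def hash_matches(data: bytes) -> List[str]:
    """Return which of the report's hashes the given file content matches."""
    matches = []
    if hashlib.md5(data).hexdigest() == SAMPLE_MD5.lower():
        matches.append("md5")
    if hashlib.sha256(data).hexdigest() == SAMPLE_SHA256.lower():
        matches.append("sha256")
    return matches


def run_hunt() -> List[str]:
    """Run every check over the constructed evidence; returns correlated clients."""
    dns_hits = hunt_dns(DNS_LOG)
    flow_hits = hunt_flows(FLOW_LOG)
    for h in dns_hits + flow_hits:
        print(f"[{h.source}] {h.client}: {h.reason}\n    {h.line}")
    return correlated_clients(dns_hits, flow_hits)


if __name__ == "__main__":
    print("correlated clients:", run_hunt())
    print("hash match on a non-sample file:", hash_matches(b"not the sample"))
```

In practice you would feed `hunt_dns`/`hunt_flows` real resolver and flow exports in your own format (adjusting the two parsers) and walk the quarantine or mail-gateway store through `hash_matches`; the SHA256 is the one to pin to, since the MD5 is only kept here because the report lists it.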
Targets

Target: Kopija prijenosa plaćanjaBohm d.o.o·pdf.exe (703KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat (also tracked as AveMaria) is a native RAT written in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

Signatures:
- Warzone RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles (consistent with theft of stored mail credentials)
- Suspicious use of SetThreadContext (an API commonly used to redirect a thread into injected code)