General
-
Target
#PO.09877657890439888IpzJ3FEGdOMFjHn.PDF.exe
-
Size
755KB
-
Sample
221208-qjybgada9v
-
MD5
c9b1ecfd1ec4a4ebd841f77ee0e74ca0
-
SHA1
54d8a155fbf50720ec99817a4e5dee29d021a0ed
-
SHA256
f92ef33594e2dea236dd194b6d1c78ba5ace8702e5fa02fc48462073e8d8c010
-
SHA512
a488ec12d8f90bee5f875b8cfb918b44bd41499545863b2c4da47963a2adccca3be3ffe05fd8412ee8db35520aa3686975b53c4fbce0aa245c12b21b6ef1f98d
-
SSDEEP
12288:gCCcihz6Y1jJ0DFVWV3vhXTtva75ntqiMahkg586aWHff:lCZlN8WBvhXTtw5n8pahB5O8f
Static task
static1
Behavioral task
behavioral1
Sample
#PO.09877657890439888IpzJ3FEGdOMFjHn.PDF.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
#PO.09877657890439888IpzJ3FEGdOMFjHn.PDF.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
37.0.14.207:70
Targets
-
-
Target
#PO.09877657890439888IpzJ3FEGdOMFjHn.PDF.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-