General

Target: Solicitud de Oferta 07-02-23·pdf.exe
Size: 560KB
Sample: 230207-pl66qabf53
MD5: a28a8c381f7460d2a35f10186ca34dd6
SHA1: 0ea66a29cca600bdd91f3505884d74dd7df09d9f
SHA256: a43a0cacbfaf5aa649acc0d29ce25855ea92c50af2729f30c5f2ecfad376ef4d
SHA512: 6c594c33ecf2069a53e7c83ab817a3ab8250ea8796889a854d2d11a26f95f20132721e4e5df963c587ef4f4b154388b35b7b732e24375ee9f79927a3938b37e2
SSDEEP: 12288:0ky6tuXby71v1f+fWQ8+N8v2ocCSivrlicg3ULa+kdkP/:M6tuLM1v1f+Tt8vcKG3UGdkP/
Static task: static1

Behavioral task: behavioral1
Sample: Solicitud de Oferta 07-02-23·pdf.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Solicitud de Oferta 07-02-23·pdf.exe
Resource: win10v2004-20220812-en
Malware Config

Targets

Target: Solicitud de Oferta 07-02-23·pdf.exe
Size: 560KB
Signatures

- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext