General
Target: Order-202303007-pdf.scr.exe
Size: 102KB
Sample: 230313-hzyyyaha53
MD5: 742d20a1c28731be02a3e9a8059e968a
SHA1: 73cb763f74529e0c3ad92380b5e62db3be728a38
SHA256: e01a2288b77430c3ad9ba2baff0e1377d091124c3efaf5b8010067ba130dfa71
SHA512: 9a50e9986a051c3a495b00efe63c4ab75e78b19c680ce1c00bd35709195829a80ee4790462c0213de65218f5bdf0b4d741afc5c1df1a260badcad6bf86cc982d
SSDEEP: 3072:YpA5jRWkXsVJsAPkvywY0EktSQAjppppppppppppppppppppppx:YpujQJXck0EAKjpppppppppppppppppx
Static task: static1
Behavioral task: behavioral1
Sample: Order-202303007-pdf.scr.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Order-202303007-pdf.scr.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
2.58.47.203:17873
Targets
Target: Order-202303007-pdf.scr.exe
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext