General
-
Target
QUOTATION_220377FIBA00541_PDF.scr
-
Size
474KB
-
Sample
230313-mvm34aaa39
-
MD5
4f675e8096f33c630b63e11ca67753a7
-
SHA1
8e525226e608dbd84f0c6bddf71f2e5ffb05645f
-
SHA256
267e7f40468aa20e4c4741a562d1fd090cdb14be29cff3d3dc6f9c951cf1922f
-
SHA512
59a6b5a2db27ac3876dcb629eb1e854dfbd99ae87c90c6f6eb0fe5dbb78eaa312909b58e482a9462b2fc9dd12083bd46c7e90b806b3f7e779a8d01264b59e810
-
SSDEEP
12288:RWcWnFt4sHQA793uk0FaKwR4KrjQD60+ayvsHC6rRl6Fklbddxppppppppppppp5:8rYD+wkfjQDHy6rFd
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION_220377FIBA00541_PDF.scr
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
QUOTATION_220377FIBA00541_PDF.scr
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
103.231.91.59:17873
Targets
-
-
Target
QUOTATION_220377FIBA00541_PDF.scr
-
Size
474KB
-
MD5
4f675e8096f33c630b63e11ca67753a7
-
SHA1
8e525226e608dbd84f0c6bddf71f2e5ffb05645f
-
SHA256
267e7f40468aa20e4c4741a562d1fd090cdb14be29cff3d3dc6f9c951cf1922f
-
SHA512
59a6b5a2db27ac3876dcb629eb1e854dfbd99ae87c90c6f6eb0fe5dbb78eaa312909b58e482a9462b2fc9dd12083bd46c7e90b806b3f7e779a8d01264b59e810
-
SSDEEP
12288:RWcWnFt4sHQA793uk0FaKwR4KrjQD60+ayvsHC6rRl6Fklbddxppppppppppppp5:8rYD+wkfjQDHy6rFd
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-