General
-
Target
9127BF04095F506FB1313B8A760CD8ACFF84E4F26203220B94FF44AA931C4C34
-
Size
1.2MB
-
Sample
230314-rs8dgafg76
-
MD5
4ae37c268017fcf1a5172e3b93786202
-
SHA1
06ea8ea8d4f0dae33b8465cf0f12f2e919e10373
-
SHA256
9127bf04095f506fb1313b8a760cd8acff84e4f26203220b94ff44aa931c4c34
-
SHA512
fe946ed937b2ff6afb8304243b6844526e748d5820c46bb32a0b461d559d6fea077e7f4125981baa9baae7b6125188971d0a06d45e0c1b193762c4e7a611d3da
-
SSDEEP
6144:jrzsD2B01XtSlfeG1PB1uJu3dWHClDvJfoxtDuCJ0B4+beL3ByD6YZFtCMQ:jrz61SPjuJsgHqDvJfoDCCCBjsBkQ
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
INVOICE.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
newsfeed.msoftupdate.me:80
Targets
-
-
Target
INVOICE.EXE
-
Size
699KB
-
MD5
3a1328c0843fc9a945fa1d58ffb28313
-
SHA1
0810bfb2500bbfa86a220939d1ee9006a46a12c3
-
SHA256
91893562af732965ae5f90453a22af6b1d7a49f043730b900df20f6506569633
-
SHA512
385b5fee1126e406f4044dcea69e585ea9b5e06da33da20030bc2881fd914f85371e84d502124b118a5c3aa995094c68936d25ebb1f7fd32156437bf76a0d12b
-
SSDEEP
6144:FrzsD2B01XtSlfeG1PB1uJu3dWHClDvJfoxtDuCJ0B4+beL3ByD6YZFtCMQ:Frz61SPjuJsgHqDvJfoDCCCBjsBkQ
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-