General
Target:
Purchase Order-20230315 & Leaflets_1.IMG
Size:
2.2MB
Sample:
230317-jtrs4sha7t
MD5:
a10a585ec78b5c769f5dca2ed052525e
SHA1:
479ce29d88dd108bcadd5b84768633fe768a45d0
SHA256:
a4137b1d2336f03a59fcfc3f9273e75d1b2ba18e547b17cc50d894d67b960eb5
SHA512:
efa0dee2bfa91682912f5b8f3af94f220a0e4fee08feb306df4cea12ff0e344179f76535b9146d464893fb12a78f6ee53b1f7b032e0c6e6ff93056db07803951
SSDEEP:
24576:gKJ4Bu9Ot09OX7l348A5NyTrgrXBebbxwB0BGpUnYAHyOkBuuotyo+u9N8Esj6tE:6ocbOab1r8EsWLqO357
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order-20230315-pdf.scr
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Purchase Order-20230315-pdf.scr
Resource: win10v2004-20230220-en
Malware Config
Extracted: warzonerat
146.70.94.3:17873
Targets
Target:
Purchase Order-20230315-pdf.scr
Size:
2.2MB
MD5:
04c554539eb31dfe2bae23a9975b6e0d
SHA1:
b8e0182dff17942e859259c507414029cb00a2f8
SHA256:
125d12ade3da14ef13cd2a6408692edd8067baefa8a2b375a03c4fad6368fd39
SHA512:
2e145b69e03eae0ad5935b9a8d9a0030e870ed79eaeb29a15f330ce9c938389599e796e817503f1db99e078cc4cd2b971e2e65581da3bb6988369c8ac0f74721
SSDEEP:
24576:PKJ4Bu9Ot09OX7l348A5NyTrgrXBebbxwB0BGpUnYAHyOkBuuotyo+u9N8Esj6tE:RocbOab1r8EsWLqO357
Score: 10/10
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext