General
Target: CTM INSTRUCTION_MV.PACIFIC OCEAN-20230321001^pdf.scr.exe
Size: 2.5MB
Sample: 230327-f6lababh46
MD5: 1e083bd201fe14037fe76f75d8311368
SHA1: 2ebbe13bfce4d48eda0fcff8f82d8bd8127bab29
SHA256: 2a35c92620e14bd31b6ccdfdafeaec0ad6113d4bf30abc950210c64488763a1f
SHA512: f1aa5e02be65ba5e3696c3e24f9271ad69a72e8648937323e52fc843e66f88e0afcf8884d74bab3ade723a33b10b6d349db5618b86864fdfc263bcb1bbc84d50
SSDEEP: 24576:Tr768L+AX5H+NeYKtu1Dze6HDpLgIyge8wVp4UdPFqkby+gKOCdVvGBF3LjAPOzP:b6iVIRe/7Py/4OzMvI+zQ/
Static task: static1
Behavioral task: behavioral1
  Sample: CTM INSTRUCTION_MV.PACIFIC OCEAN-20230321001^pdf.scr.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: CTM INSTRUCTION_MV.PACIFIC OCEAN-20230321001^pdf.scr.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
2.58.47.203:17873
Targets
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-