General
-
Target
Product Lists.exe
-
Size
666KB
-
Sample
230330-xhgewsfc8v
-
MD5
5c72a278eea4555f1ce1035ea71fe05c
-
SHA1
dc54d9061b86771a60bfc0225e462fe620a2647a
-
SHA256
9d23ef1df51ca5f49d86bf9790e32a441525dadd86c3435658e51a012c51e3af
-
SHA512
453a70fb1d40d561ac578fed149defebdc3cbb21cf01dfa61365dbf88a032b073e655bb18f1a5c32f51413beffbba654cc5892b67877b6d0f65493cd54d87bad
-
SSDEEP
12288:X7n2ziKbtL8X4dRqwFtr3cCZ5yS9Tx+pMhp1YVj9J9LJNbimOMt+:TlX4dXt7csySbNhpUT9LJNbimX
Static task
static1
Behavioral task
behavioral1
Sample
Product Lists.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Product Lists.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
104.223.19.96:80
Targets
-
-
Target
Product Lists.exe
-
Size
666KB
-
MD5
5c72a278eea4555f1ce1035ea71fe05c
-
SHA1
dc54d9061b86771a60bfc0225e462fe620a2647a
-
SHA256
9d23ef1df51ca5f49d86bf9790e32a441525dadd86c3435658e51a012c51e3af
-
SHA512
453a70fb1d40d561ac578fed149defebdc3cbb21cf01dfa61365dbf88a032b073e655bb18f1a5c32f51413beffbba654cc5892b67877b6d0f65493cd54d87bad
-
SSDEEP
12288:X7n2ziKbtL8X4dRqwFtr3cCZ5yS9Tx+pMhp1YVj9J9LJNbimOMt+:TlX4dXt7csySbNhpUT9LJNbimX
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-