General
-
Target
Price List1.exe
-
Size
662KB
-
Sample
230331-r7mqbaag33
-
MD5
464a6ec43ac1f064d3dfe307c7dfd921
-
SHA1
468a543b51b6c797b668c8c442e451b1d9efe9d2
-
SHA256
189d5e75f300e21f30ae87cef1c384a3e33e26b5546b8404090bffe3251d4a34
-
SHA512
00e09724295dcf036ae1a70235b49cb37088b404edf61804cc31a8e2df8abcff058669620c82f679e00eec52f938c64b50eb618b361f3b82f174a333b5e77e20
-
SSDEEP
12288:NxCqHrYCPCimOMt+EqjhOClSlWDClEPjRQ1HfWW:NxCqHrYLimXWvrs8RQ1H
Static task
static1
Behavioral task
behavioral1
Sample
Price List1.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Price List1.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
104.223.19.96:80
Targets
-
-
Target
Price List1.exe
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-