General
-
Target
Requirements for RFQ 0643CQREpdf.exe
-
Size
482KB
-
Sample
230403-3r92fsde6y
-
MD5
a70d80cd1c3980251681d1cbc0e9d46d
-
SHA1
2dd861ff40689f28ece21d2487ba1f59b73a23cc
-
SHA256
eff5006d8102c70638bfd284058d10c1aad385039e62d01f5dc287d13e29a59b
-
SHA512
0df5ff92856eb8a031243f973bf53af6b2871e2bf7825d2b21c14d9c2d3bf228d6fa61f040d773f2c1c563dab093658834b06abed224872ba8d02add42773c81
-
SSDEEP
6144:8177CJS2P8N3qcLpaqD/9qeGNHi6Ukq+xJuDh6XcH/e5Xs1wV/yCYBkP:8QE6qNScHPCYWP
Static task
static1
Behavioral task
behavioral1
Sample
Requirements for RFQ 0643CQREpdf.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Requirements for RFQ 0643CQREpdf.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
193.47.61.26:5200
Targets
-
-
Target
Requirements for RFQ 0643CQREpdf.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-