General
-
Target
QUOTATION_ MAR 300377FIBA00541_PDF.scr
-
Size
1.9MB
-
Sample
230403-mdvfvaea87
-
MD5
0d472e5124d01d8370e53ac3e3755eee
-
SHA1
8e121b294da073a8f728ae141db7a98eba8d2ba4
-
SHA256
d4b826238b85f99b00a92e02e06a8373f0f132bf1b6f4a64c09deb0aeb1ccf66
-
SHA512
8320577e5f00caa865f5eba68f53ebfb3b51b2d6da3a7c5a8a75ee24c8cad78f3b84626dfc1e72151b1615e44764a8801b80cce1cce1d7a131a5f2685e0dcadc
-
SSDEEP
24576:7Wld/vZGKtu1Dze6HDpLJKvEcYJLn21inkWxQMvlhfZKFfpGsQLUKorLX9uRMnyR:7PKYxupGEuPtI6c
Static task
static1
Behavioral task
behavioral1
Sample
QUOTATION_ MAR 300377FIBA00541_PDF.scr
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
QUOTATION_ MAR 300377FIBA00541_PDF.scr
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
46.183.216.163:24626
Targets
Target
QUOTATION_ MAR 300377FIBA00541_PDF.scr
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext