General
Target: order of quotationpdf.exe
Size: 5.2MB
Sample: 230404-mxtcwsed34
MD5: 3a222ba5c055f7e201ae3a121fe9db9a
SHA1: 2d48a7a17e8923c26772554a74283f42b9627074
SHA256: 0707a593ad8753e14a7b1dba97a1889f039312faded9165d76920a6c25bc8388
SHA512: f5098d4a28624228af1902686bb805d14cf79a6ce186ee25d084e66cc9d13be8b89e3fcca391c1b2c403389144853c9bb1e995217df11ab56a9a60841211fa06
SSDEEP: 49152:UIoUnxXdZosToeyp2++zNccaBD19HY5VizkTuQCAlwHyTGhZMk:nnxos0pbB/
Static task: static1
Behavioral task: behavioral1
Sample: order of quotationpdf.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: order of quotationpdf.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
193.47.61.26:5200
Targets
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext