General
Target: PRODUCTS INQUIRY 228.exe
Size: 1.0MB
Sample: 230404-vvwdgaaf9w
MD5: aaa75ef6b31883aada3cbe14a3b000be
SHA1: 73aca3c4d320afe0ae23a71831d6cc5528ea6c71
SHA256: 4ec081f16baabe564b1038b86fe09f8b6fb3ef70a83abb23141e423fb36a42ec
SHA512: 5f34f8f142fc3d456468df9ed6a05e540af3eac13e10592470a552900b609b921f30d727f22c21a0959de7932c6c3dde6558833119739bb3457a4e183d142799
SSDEEP: 12288:VVmvSJR+u2NxZecauQFNV/7Md2kuhbV/VTpxE+22NNeT7gGpidVIcM3Uh664cYXC:+zloV5y1nsloHGgunvfD
Static task: static1
Behavioral task: behavioral1 (Sample: PRODUCTS INQUIRY 228.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: PRODUCTS INQUIRY 228.exe; Resource: win10v2004-20230220-en)
Malware Config
Extracted family: warzonerat
C2 (host:port): panchak.duckdns.org:5050
Targets
Target: PRODUCTS INQUIRY 228.exe
Size: 1.0MB
Hashes: identical to the General section above (MD5 aaa75ef6b31883aada3cbe14a3b000be, SHA256 4ec081f16baabe564b1038b86fe09f8b6fb3ef70a83abb23141e423fb36a42ec)
Signatures
WarzoneRat, AveMaria: Warzone RAT (also tracked as AveMaria) is a native Windows RAT written in C++ and sold as malware-as-a-service, with multiple plugins extending the core remote-access functionality.
Warzone RAT payload: the Warzone RAT payload was detected in this sample.
Sets service image path in registry: writes the ImagePath value of a service entry under the Services key of the SYSTEM hive, a persistence technique that makes the payload run as a Windows service.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence (the sample can abort or change behaviour depending on the victim's region).
Loads dropped DLL: loads a DLL that the sample itself wrote to disk during execution.
Accesses Microsoft Outlook profiles: reads Outlook profile data from the registry, where account configuration is stored; this is a common target for credential theft.
Suspicious use of SetThreadContext: calls SetThreadContext on a thread of another process, the hallmark of process hollowing (start a process suspended, replace its image with the payload, redirect the thread's entry point, resume).