General
Target: RFQ Supply of MBBR System.cab
Size: 336KB
Sample: 230416-vpetjaaf88
MD5: dc35d40c822c3f11e2dced52a12d51da
SHA1: 8e1037bf6f97849baeea977bd492ecee706e8868
SHA256: bd7bd4e9769bc9eee10b868717dc3223fa3ea0d3d23cc2c2c2a007297e4fbef8
SHA512: db202fe3403258f6f6d83a019d0afb28fd6f71cbb55d230ef033a14609b18036e5f97adc33dbae2c27a0d55eecef8e5f8724315ddeaf7979fe944286b477def9
SSDEEP: 6144:EwJjsG237i3VUPcHRLQhrcnZlQr0lsTftuvnsPkDHIjNjxdQmEZa4:Ew523iLQhrcZlQPJO1DihsmEZa4

Static task: static1
Behavioral task: behavioral1
  Sample: RFQ Supply of MBBR System.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: RFQ Supply of MBBR System.exe
  Resource: win10v2004-20230220-en

Malware Config
Extracted (warzonerat): emberluck.duckdns.org:5200

Targets
Target: RFQ Supply of MBBR System.exe
Size: 852KB
MD5: abb2978493e6fd629c09f12a1cf3622d
SHA1: 4fc4df1eb4775835429635304bcbb1b0540ae8a2
SHA256: 6bba225c9fe529b2ad0f6228f264f79c466e26dbb627041a82dc4a6adea2d4a9
SHA512: 9cdba7f3bc1d7a48f025f0f028949eb667cd29567476267ff19149fed8358f45c9bf5d8f5df78bd77a113b7a6f403caaadc5fde9c0d3e54d21dffec99dd98fa3
SSDEEP: 12288:7/xKWyItRI5UhLaB0AiBN4Gyk2VvQuueiF7GTv+KSKPiVVZtjGybm:7IWIUhLaB0nUGykShfnKN/DG/

ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
ModiLoader Second Stage
Warzone RAT payload
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application