General
Target: invoice35345.rar
Size: 515KB
Sample: 201126-grvknz1kfx
MD5: e7b48f5efa758ace9818a3ecb9ff0cf6
SHA1: f0908352cbf7e16d0757f80dff8bf43f322528a6
SHA256: 674a079e480e5413fb327fab241e5ed2728d231a39fe2801dc2b7e7371ed589d
SHA512: 8455f77635db79943ca8ea6bae1201d7c91dfcbb1fdd1f255ec6057d8aea937639406274c0479ac65345f93fe2cdd6caa0ad7eaec81be8064b806a96c6c46d79
Static task: static1
Behavioral task: behavioral1
  Sample: invoice35345.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: invoice35345.exe
  Resource: win10v20201028
Malware Config
Extracted: warzonerat
oluwabless.ddns.net:4422
Targets
Target: invoice35345.exe
Size: 1.2MB
MD5: c03062ae6935df7b0c0e80a652e53ee6
SHA1: e5e0be61146ca04f9ba77901c6bccb432aae46ff
SHA256: d63d68ff0b5d7bd477628a455f17cd500a73bb6563a87d8781e3528417a541ff
SHA512: f42a13c385e8768f9d1c77c2b238110c39fe18cf8dff9e5a5f041f3776e9d13fa22f36f0dad287f0cd56e081f7e8c8dcc89e365e8c4782179ae81353c3202a02
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext