General
- Target: neue bestellung.PDF.exe
- Size: 652KB
- Sample: 210223-7jqe4mrmya
- MD5: a0b16d3a4ce67631e8681b3d3069772c
- SHA1: 28f64d87e10a9d5f4fe4c508f431b0b0e6ca9103
- SHA256: 6131d15e138a07ea92924656ba389ef9ad1001ec1ca144be9e7f335b46b1ae9f
- SHA512: 8c3134360a12e0154cc789cb363ec8ac287ca3066c85366c633a998a4ec349e6daf8e8134459eeb9b19c4fdc13135fb032957f2dfa010bd71061d8f048cd0ebe
Static task: static1
Behavioral task: behavioral1 (Sample: neue bestellung.PDF.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: neue bestellung.PDF.exe, Resource: win10v20201028)
Malware Config
- Extracted: warzonerat
- 194.5.97.48:3141
Targets
- Target: neue bestellung.PDF.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
- Warzone RAT Payload
- Loads dropped DLL
- Reads user/profile data of web browsers (infostealers often target stored browser data, which can include saved credentials)
- Suspicious use of SetThreadContext