General
Target: cargo documents.pdf.exe
Size: 183KB
Sample: 220606-jjncyabaaj
MD5: f0bec0deb10b8bc59a5b2d207b4cdeef
SHA1: 452b936847f131abd4b872815ab35c9b9bcd9cbb
SHA256: b4b14f0512858ecd957152f6f21d06070ad3f371206568871d0f92d5a41ecd83
SHA512: a57437bba1a5b9bb8ce2754290e80a5ed78adb8a8017305fe30ac1a7a95c5480fd771a7b35ccd048d17dba2409f74e8c407523a0f0aa61559392c4f0fc95164e
Static task: static1
Behavioral task: behavioral1
Sample: cargo documents.pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: cargo documents.pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
warzonerat
udooiuyt.dynamic-dns.net:5200
Targets
Target: cargo documents.pdf.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
suricata: ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin
suricata: ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound)
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application