General
Target: Official-PaymentDetail15012021.doc
Size: 3.6MB
Sample: 210115-nen55spw56
MD5: d0067fec7b7ccc9a37fb8fe52cf9dd98
SHA1: 7f959612668dfa1565ee6523a47178566b1c2b3f
SHA256: 5e2fa30500b10cdb21e9c221603132cddc9ad1eea0046ade38b10fc9d60743f6
SHA512: 7a3e4c124c8f7425f00e00950bfcad6cfdf140d02ab073d1834932a637f219d7bbb2b2530b8fc501098c37098d1e5c25cd0d8015769e599d7943af02d829b28f
Static task: static1
Behavioral task: behavioral1 (sample: Official-PaymentDetail15012021.doc, resource: win7v20201028)
Behavioral task: behavioral2 (sample: Official-PaymentDetail15012021.doc, resource: win10v20201028)
Malware Config (extracted)
warzonerat: 79.134.225.23:5200
Targets
Target: Official-PaymentDetail15012021.doc
Score: 10/10
Family: WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
Signatures:
- Warzone RAT Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext