General
Target
Purchase Order and Contract Agreement Namtip THAI CO.doc
Size
3.2MB
Sample
210120-a8p8lz63de
MD5
038db1fe98b190bdb85793f6b39bbdd8
SHA1
3cb9e4978cdb7e817b769ed4f13eadeac76c0014
SHA256
8893a5c23f09b252b052cfafadce1065e5934c1f2877a4a11e98467faee05340
SHA512
cff65285dc3d0968b4a29f267e3b0beb488529252f4a36e7ac9817344fea74f42beae08ac482f7ab825b34353236561689dc96cb202098af68a74de6cdeafdfc
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order and Contract Agreement Namtip THAI CO.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Purchase Order and Contract Agreement Namtip THAI CO.doc
Resource
win10v20201028
Malware Config
Extracted
warzonerat
79.134.225.79:5300
Targets
Target
Purchase Order and Contract Agreement Namtip THAI CO.doc
Score
10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext