General
-
Target
PR142663982RFP.xls.exe
-
Size
649KB
-
Sample
210305-v4hjsjyhvs
-
MD5
99cef60409b13a3ebc20998dd25c0b2f
-
SHA1
5a293251cbd25098185b5177b031c45a50472228
-
SHA256
b1b6dd7f3a2eb222c3287e31b61a85b23ad0b037b8510d172b03b99565da80b8
-
SHA512
430f0a03dcd67125a4ca5945a771b5fefe116d6d2684a6ebd2f3e4600d51336dde7cd85fdff3cf1c34a0924d5b636de64e5d503bc7e6c184db8a18f7e6cc684d
Static task
static1
Behavioral task
behavioral1
Sample
PR142663982RFP.xls.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PR142663982RFP.xls.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
194.5.97.48:3141
Targets
-
-
Target
PR142663982RFP.xls.exe
-
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.
-
Suspicious use of SetThreadContext
-