General
-
Target
order_inquiry2094.xls.exe
-
Size
628KB
-
Sample
210406-m6rd5rys2e
-
MD5
003847b258308e9f6eb05039a6e5de21
-
SHA1
3093af80d725fbc8cbac621c938a512464a698da
-
SHA256
fbe04315f08ff50022d31fb59aeb9462d9930ea7fb84ebe4cdfd5d9fedc4b0df
-
SHA512
f535d9a2e1653141bc9043570e6593760918c2a66b9a583b95a281db8e9b495c07682b426e222fd5658edf62e6cb44017bd5a4372b028de9a391f2fc59d4e02d
Static task
static1
Behavioral task
behavioral1
Sample
order_inquiry2094.xls.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
order_inquiry2094.xls.exe
Resource
win10v20201028
Malware Config
Extracted
warzonerat
79.134.225.102:1414
Targets
-
-
Target
order_inquiry2094.xls.exe
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
-
Warzone RAT Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-