General
Target: PO_00130721.xlsx
Size: 674KB
Sample: 210713-9hfz3natne
MD5: a0287f52a42bec7b8756fef7fdb37be5
SHA1: 788f23cba38a6780a1bb0f26f7eedeebfcdff089
SHA256: 86cb4f209e01280e5e290d87427a19a09d77e28a42c08f805d2443f17db26706
SHA512: 9d0afe0e3fd5a01871794fb4b42a7be4e624997dccf980785600c00ada0e762291dee991d66ac6ae9dc82eeb66cf2c57df424d38447d82c8f7aa551ba609baa8
Static task
static1
Behavioral task
behavioral1
Sample
PO_00130721.xlsx
Resource
win7v20210410
Malware Config
Extracted
warzonerat
taker1234.hopto.org:5032
Targets
Target: PO_00130721.xlsx
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT Payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext