General
-
Target
REFO21668.xlsx.rar
-
Size
309KB
-
Sample
210716-5q1nbzdzg2
-
MD5
0e6d538c1f3d96178c802cbd124b4fcf
-
SHA1
5b4e9911fcb69a71480b9af50823cdd65ac4b70f
-
SHA256
1c6841eed63f41cdbc5b07472d35a762daeff0b3b35f6a6df39859aad8ec7488
-
SHA512
ac5c84937f028e5fae42cfe056bd6b9520c5a07e380635e3715f87556fb01a90a707e5b17c0bae6f65ed4451b808a8d4ea04f5d2354f6aa8db4c644ed54ea185
Static task
static1
Behavioral task
behavioral1
Sample
REFO21668.xlsx.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
REFO21668.xlsx.exe
Resource
win10v20210408
Malware Config
Extracted
warzonerat
blacice24.hopto.org:5032
Targets
-
Target
REFO21668.xlsx.exe
-
Size
403KB
-
MD5
c608a08fb7b01f8fae2707d4d7f76bc7
-
SHA1
78f06e5a4eb12ebb3afdd5026ce78cd8afa1b5a1
-
SHA256
69d13ed33f3712063fae1094b337ddc9e3b8ca02762adc10553630d145e6dfb1
-
SHA512
656c73ec657597f81d9be6748af315cb86e923c7b735204855a5dd690f14bdd76c33b28af8d837b6bb161e9bbf7295be7daf3bc116fbda47299845464d772017
Score
10/10
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT Payload
-
Loads dropped DLL
-
Suspicious use of SetThreadContext