General
Target: 916605b32ad795005cb071ec793e23c2a4bcdf88.exe
Size: 635KB
Sample: 211019-mjrbdagehl
MD5: 5d86cd9be03802d577a215ac3ec0dce1
SHA1: 916605b32ad795005cb071ec793e23c2a4bcdf88
SHA256: 00d211d4c0664cdeab245f8186a52a2f0486a2c910d28bcd69228a8b75fce113
SHA512: 42f9414b973be42246058702a5dffb632817e3465a79f8f4d48b37f680cafb999d1a8d709ec95303394afed8cb9298f017363e6b77fc6a5736428a8bf290286e
Static task: static1
Behavioral task: behavioral1
  Sample: 916605b32ad795005cb071ec793e23c2a4bcdf88.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: 916605b32ad795005cb071ec793e23c2a4bcdf88.exe
  Resource: win10-en-20210920
Malware Config
Extracted
formbook
4.1
k9d0
http://www.dotgroup-email.com/k9d0/
Extracted
warzonerat
kw9d0w.duckdns.org:4192
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Formbook Payload
- Warzone RAT Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext