General
-
Target
HIC INTERNATIONAL - REQUEST FOR QUOTATION DOCUMENTS.rar
-
Size
608KB
-
Sample
211023-qf5alscch9
-
MD5
c23bbc7c985b841044e10c3bc6485db7
-
SHA1
756055224e8b5da715ef13d9213423ce5ca0ba4c
-
SHA256
03e298ddd47b9fec7e5fe7890b42806aa21544cc292bf115ca38f595a2a6b813
-
SHA512
379d64ed745314b53ced00f2492af77b04c24c1ee7c672cd5b66eff07a28f90cd8117412b9627c9a1e3904958e6700e81647ed7048215dc1cf199f35dcabff22
Static task
static1
Behavioral task
behavioral1
Sample
HIC INTERNATIONAL - REQUEST FOR QUOTATION DOCUMENTS.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
HIC INTERNATIONAL - REQUEST FOR QUOTATION DOCUMENTS.exe
Resource
win10-en-20210920
Malware Config
Extracted
warzonerat
45.137.22.70:4198
Extracted
formbook
4.1
cnp0
http://www.ccnsv.net/cnp0/
jiarenyuanhunlian.com
xquizitelashesnwaxx.com
rentinerie.com
herbalpedia-id.com
openseagames.com
re-swap.com
william-cook.com
segensv.com
versebay.com
brendanlairdsound.com
bypestor.com
hospitaldelpc.net
wwwroadrunnerfinancial.com
waterhammerstudios.com
hustleandbank.photography
secure01bchslogin.com
rarepeperanking.com
greatland.company
happybirthdayjewel.com
raheok.store
citrusarrow.coffee
midwest-oktoberfest.com
dpcuow.com
creativeartsfilmacademy.biz
sse-audio.com
offertasuperfibra.com
gizpsikolojikdanisma.com
7aomoquzb9.com
filthycarproductions.online
fuquba.com
lovinzion.com
istanbulmadencilik.com
treasuretroveofrecipes.com
exploitporbrl.xyz
seneorreward.com
sx-mz.com
mylcsservices.digital
paidimage.xyz
tayyqc.com
congoqueen.com
cerrajerovalls.online
iwasehokenservice.net
chuahoinach.net
savouri.online
brandonjanisieski.com
seo-clicks7.com
aplusvibe.com
incotporate.com
webdyx.com
pit.land
sdnfmrmi.com
skinbluecap.com
maestractiva.com
tianshunhong.com
maddenconstance.com
wonderkdesign.com
keycuracao.com
lebzcl.com
toriyabeblog.com
clicksfrog.com
the22yards.club
peakprocesssolutions.com
sustainabilityreview.com
onceuponawreathde.com
Targets
-
-
Target
HIC INTERNATIONAL - REQUEST FOR QUOTATION DOCUMENTS.exe
-
Size
821KB
-
MD5
577a4f4a604b0a05da9ec1781fd5894f
-
SHA1
6117b837be45aed2122d1ef9e7dd6d9f3eaadadd
-
SHA256
26b85e1456b150775c4d4a77a57be2e99ac5429998184c8a576adef665e9ac72
-
SHA512
8f0f4dbe1520b6494754bceac6c16ea0a213bb91882eb76f012fdc3aeaffa4dd4d513272dff9356d950bbad0d0165c4ac0abaff1a99ded4692eb35c1123bc185
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Formbook Payload
-
Warzone RAT Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-