General
- Target: Inq Form.xls.zip
- Size: 233KB
- Sample: 211028-bx3e1sghc2
- MD5: 95cee3c4a14ed4511b87129712072f61
- SHA1: cc20e0998ecadaa951a72e8a2933460cff01c32f
- SHA256: 81c07da6f5f23512b16930ec072e5ec18183248039f10c4897cafe1324490986
- SHA512: 1502e7e742fb83e53e64fead80677458e751432670fa0e479b80a918c99d6edaf67caa4448328fc17bcece262f293006ee16fdb804ea17ea679d6eb038779632
Static task: static1
Behavioral task: behavioral1
- Sample: Inq Form.xls.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: Inq Form.xls.exe
- Resource: win10-en-20210920
Malware Config
Extracted
warzonerat
alliedofficewarz.ddns.net:6060
Targets
- Target: Inq Form.xls.exe
- Size: 245KB
- MD5: 4fcf859ac18a9562510e3ed11210340f
- SHA1: 33e1fe0812598dbc752469f8b142a7988d83e7ea
- SHA256: 8bd87aa08be3aebea3031d2ed817267f3b0a8272e39f396ae4ab4de256956455
- SHA512: 5ce07cb3969a7a55dc310d30460aa5fc8f0400c2c216f45be1eb9bca874eafec8511a46b0e997ef6be0f7c68932838846e6756a195f6b44af4cc1272c232d789
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Warzone RAT Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application