General
-
Target
Order#7631298.slip..xls...exe
-
Size
543KB
-
Sample
211028-fkpqlshbh7
-
MD5
9cb16b19535f9fa43ba9398c4390889e
-
SHA1
d8d8f8be6a0bb8343330d108d6c7467f4f0082fd
-
SHA256
aae4755bbcb113d841a8d12c5f1c1523f193c6f6db23598f49cf2a1c9a4b8cd4
-
SHA512
44f1df322013586b328ce12bd7e29cbd8e88fa8a783830947b154a747cc66cb367391fc6edfb72346371108c0b91f15850b7367f79ed610178d4ec737bcd6336
Static task
static1
Behavioral task
behavioral1
Sample
Order#7631298.slip..xls...exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
Order#7631298.slip..xls...exe
Resource
win10-en-20211014
Malware Config
Extracted
warzonerat
185.222.57.242:1004
Targets
-
-
Target
Order#7631298.slip..xls...exe
-
Size
543KB
-
MD5
9cb16b19535f9fa43ba9398c4390889e
-
SHA1
d8d8f8be6a0bb8343330d108d6c7467f4f0082fd
-
SHA256
aae4755bbcb113d841a8d12c5f1c1523f193c6f6db23598f49cf2a1c9a4b8cd4
-
SHA512
44f1df322013586b328ce12bd7e29cbd8e88fa8a783830947b154a747cc66cb367391fc6edfb72346371108c0b91f15850b7367f79ed610178d4ec737bcd6336
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Suspicious use of SetThreadContext
-