General

Target: TW_PURCHASE ORDER _BENTEX LTD_26201.exe
Size: 358KB
Sample: 211028-fypyjahcb5
MD5: df979ba0a0557ff574d9ebaec0d3e0bb
SHA1: 9d6733cbc7a3a70bfb3be841aeb78e9dff6045f1
SHA256: 221f20319954181ff4d7b4edb299d7eb00c2a20bc1c6c3dff99d2374ae084000
SHA512: dea063287dbd7617df81e0ec4698df04d8bc337ddb561bc3a3037283aa2e9b7296e112ae06b676f4b2e3e90fff528b4f31c3b7f8fa0294e7181ca8bc93994f51
Static task: static1

Behavioral task: behavioral1
Sample: TW_PURCHASE ORDER _BENTEX LTD_26201.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: TW_PURCHASE ORDER _BENTEX LTD_26201.exe
Resource: win10-en-20211014
Malware Config

Extracted: warzonerat
C2: papi1.ddns.net:10190

Extracted: formbook
Version: 4.1
Campaign: pp1a
C2: http://www.christophebigot.com/pp1a/
Domains:
ytwdpk.com
1afs1f.com
yougeshpal.com
diabetologist.tips
empregodonovomilenio.com
ztransact.online
doneforyoueventbrandingkit.com
yl20215.top
teashalu.xyz
kpscreations.com
hxs1688.com
introtostudy.com
theradicalsvisions.com
trammtd.online
navsecurity.online
loit711.com
rufly.link
iwyaknfc.icu
1bet11.net
niguns.com
digiad.site
allthingsdivine.net
dongiot.com
burlakova.site
vqjoi-lqybehuacg.xyz
woundzip.com
mircuitl.xyz
motivatemommies.com
brooklynmenssoccer.com
lc497.xyz
midnightspecialvintage.com
hvmhhhn57.com
gharka.online
justindianthink.com
cha-selockedhelp.com
dmayanazcandles.com
coloradoliving.info
facebookarts.ca
account-noreply11.info
kungbron.com
joaquinadesign.com
bravowhiskeysupply.com
thenapieragency.com
eaglesfast.com
theremodelpainter.com
cosechedevosapere.com
midlamdmortage.com
pzzhub.com
holistic-therapy-saito.com
1031dealflow.com
yasalkumarsiteleri.xyz
contactat110.info
gentakipci.store
fridaytattoo.com
kelseymummert.com
zxlpgbps.com
iloveourfreedom.com
betterpros.net
surabayamagazine.com
nmszkq.com
123movies00.xyz
popheads.store
customembroideredpatches.art
bonoffrinvest.club
Targets

Target: TW_PURCHASE ORDER _BENTEX LTD_26201.exe (358KB; same sample as listed under General, with identical MD5, SHA1, SHA256 and SHA512)

Signatures:
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as MaaS.
- Formbook Payload
- Warzone RAT Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext