General
Target: SecuriteInfo.com.__vbaHresultCheckObj.8709.4023
Size: 723KB
Sample: 211202-e9efhabcfm
MD5: c344d65c21f6ea39c6be100c5e6cdd85
SHA1: 86d8d6fd0753b356d2b9f434d0dd81c58e120738
SHA256: 7ae5e02834e7219a820a9ce756d4ee8efe50c988bd8ed876800c7bbb6890c680
SHA512: 9843fd943f86f228b73d905c69bc8ec4ad79866498dfcb38a14e9ebf662adbf70a04f7860f0f13a446fbf494594c3d518913b861bde8a96dcd4f527315b15de4
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.__vbaHresultCheckObj.8709.4023.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: SecuriteInfo.com.__vbaHresultCheckObj.8709.4023.exe
Resource: win10-en-20211104
Malware Config
Extracted
warzonerat
emba.espielweinstein.pw:56056
Targets
Target
SecuriteInfo.com.__vbaHresultCheckObj.8709.4023
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++, with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext