General
Target: RFQ-PO5510318.doc
Size: 3KB
Sample: 221202-vrfhvaca2v
MD5: 73e90b8ab794140d531074ce5fbae281
SHA1: 8339de2af1ae803455af991acbf8694e5c060153
SHA256: 68b6c810be1854669614d9a1c371146ad2283ea737cd06ccbce96672bd559002
SHA512: 7524cd91b537b04a4d9fc7a6c279a57be33a27d98469700892d51f135d806ee87bfaa9d034b232a39746c3d3eb217dbeb0d482b430b2c380a012d148456a2dbb
Static task: static1

Behavioral task: behavioral1
  Sample: RFQ-PO5510318.rtf
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: RFQ-PO5510318.rtf
  Resource: win10v2004-20220901-en
Malware Config
Extracted: warzonerat
  revive147.duckdns.org:6513
Targets
Target: RFQ-PO5510318.doc
Size: 3KB
MD5: 73e90b8ab794140d531074ce5fbae281
SHA1: 8339de2af1ae803455af991acbf8694e5c060153
SHA256: 68b6c810be1854669614d9a1c371146ad2283ea737cd06ccbce96672bd559002
SHA512: 7524cd91b537b04a4d9fc7a6c279a57be33a27d98469700892d51f135d806ee87bfaa9d034b232a39746c3d3eb217dbeb0d482b430b2c380a012d148456a2dbb
Score: 10/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

Signatures:
- Warzone RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext