General
Target: 12f445be3eb360cb621537a9ecc077063399643860a2ee26588b69e1f13b6c84.xls
Size: 1MB
Sample: 221203-bhcaaaeg2s
MD5: 46980a1034c1e50936ed93d06a2a0168
SHA1: f99b8d7797a6f34376a435e77879d2966facb926
SHA256: 12f445be3eb360cb621537a9ecc077063399643860a2ee26588b69e1f13b6c84
SHA512: b719861c389640c1e43fc812cd770298ff87f31d7ea87a447217dae94cdab7a2326a45dc7d2a79f612c7deef18679f3016eb99d10279c085c4a718bb8da369f1
SSDEEP: 24576:dg9r5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXSm9r5XXXXXXXXXXXXUXXXXXXXSXXXH:kTsp2m2
Static task: static1
Behavioral task: behavioral1
Sample: 12f445be3eb360cb621537a9ecc077063399643860a2ee26588b69e1f13b6c84.xls
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 12f445be3eb360cb621537a9ecc077063399643860a2ee26588b69e1f13b6c84.xls
Resource: win10v2004-20220812-en
Malware Config
Targets
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Drops file in System32 directory
Suspicious use of SetThreadContext