General
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.4196.9009.rtf
-
Size
3KB
-
Sample
221206-qt4w1afc2y
-
MD5
be3b9a7ca16d063b9b2b3c132edb0f79
-
SHA1
045318816244ba901aeb001c114ec5d97b18b6cd
-
SHA256
6841bbfdc2ef1768e7b3bca495a17b425726362e086456be2e0ba97a16c97852
-
SHA512
b597ace309591d07e54d10918077043f4d5ba1105ac66be77efbf7d4aa3b05587bc16811f15098f298702955f94bc350207c5080b1759ef02af77e3b1cb6cd89
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.4196.9009.rtf
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.CVE-2018-0798.4.4196.9009.rtf
Resource
win10v2004-20220812-en
Malware Config
Extracted
warzonerat
baramac.duckdns.org:6269
Targets
-
-
Target
SecuriteInfo.com.Exploit.CVE-2018-0798.4.4196.9009.rtf
-
Size
3KB
-
MD5
be3b9a7ca16d063b9b2b3c132edb0f79
-
SHA1
045318816244ba901aeb001c114ec5d97b18b6cd
-
SHA256
6841bbfdc2ef1768e7b3bca495a17b425726362e086456be2e0ba97a16c97852
-
SHA512
b597ace309591d07e54d10918077043f4d5ba1105ac66be77efbf7d4aa3b05587bc16811f15098f298702955f94bc350207c5080b1759ef02af77e3b1cb6cd89
Score10/10-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Warzone RAT payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-