General
Target: ORDER.doc
Size: 28KB
Sample: 221210-krlprafc24
MD5: 1fd60c164339220d1c42f2e9dd495596
SHA1: d443c04711168281615004ada1a2915cee1173ce
SHA256: 02e4d2f553043e2da9cb5c3c5007e4d330c98d3278d1bedfcb96fb3d0a0b6919
SHA512: e9c4087ae4f85e2f6db6beb3f0a49902188cbc0b3ddb961fa382a7786a005ff2850d4289d791d3a3c4b43724e604590c20539e9907771b331095034847d735e3
SSDEEP: 768:YFx0XaIsnPRIa4fwJMnTOQy78IhCaODZ8Hl9bKdS:Yf0Xvx3EMTOQyAIhmubJ
Static task: static1
Behavioral task: behavioral1
  Sample: ORDER.rtf
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: ORDER.rtf
  Resource: win10v2004-20220901-en
Targets
Target: ORDER.doc
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Drops startup file
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext