General
Target: Jiuwu Hi-tech Pricelist February 2023.doc
Size: 1.4MB
Sample: 230222-qacy6sbf79
MD5: dd765b59cacb9d97b69624315dfba7f3
SHA1: 19c5e16cd8d0041cb067eeda785ebd4042c390fd
SHA256: 3bb225609921fc8a6f81296bb1b6a03ec7441babff46560ab365cfdffa954626
SHA512: 0d0e372a7e680b5b7cebfb4c88998db0a694ec07ed6b2e8a88ced93fc7f4476f337cd0f126f5fc8825142e4d4f6d7258e55a125a10e1aadb58ea51a4c3ba7c43
SSDEEP: 24576:VUIC8gc6z9SVIYaDMDRviAOHV7WXO1f5xxmz8W6nVAw12dOLR37llSPN1JhgLMur:a
Static task: static1
Behavioral task: behavioral1
  Sample: Jiuwu Hi-tech Pricelist February 2023.rtf
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Jiuwu Hi-tech Pricelist February 2023.rtf
  Resource: win10v2004-20230220-en
Note: the submitted target carries a .doc extension while both behavioral tasks run the sample as .rtf, so the file is most likely RTF content delivered under a .doc name. Check the leading bytes ({\rtf for RTF, D0 CF 11 E0 for an OLE2 .doc) rather than trusting the extension.
Malware Config
Extracted: warzonerat
C2: blackroots7.duckdns.org:1104
Note: duckdns.org is a dynamic-DNS service, so the IP this name resolves to can change between analyses; block and hunt on the hostname, not only on a resolved address.
Targets
Target: Jiuwu Hi-tech Pricelist February 2023.doc
Score: 10/10
Family: WarzoneRat (also tracked as AveMaria)
WarzoneRat is a native RAT written in C++ and sold as malware-as-a-service (MaaS), with multiple plugins.
Signatures:
- Warzone RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (registry Run-key persistence)
- Suspicious use of SetThreadContext (typical of process hollowing and thread-hijacking injection)
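The following is an added example, not part of the sandbox report. It turns the indicators above into checks a responder can run offline: a magic-byte format check for the .doc-versus-.rtf discrepancy, a hash comparison against the report's MD5/SHA1/SHA256 values, and a scan of constructed proxy/DNS log lines for the C2 hostname. The log lines, the hostnames other than the C2, and the internal IP addresses are constructed for illustration; only the hashes and the C2 host:port are taken from the report.

```python
"""IoC checks derived from the sandbox report above (added example, not the report's own code)."""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "dd765b59cacb9d97b69624315dfba7f3",
    "sha1": "19c5e16cd8d0041cb067eeda785ebd4042c390fd",
    "sha256": "3bb225609921fc8a6f81296bb1b6a03ec7441babff46560ab365cfdffa954626",
}
C2_HOST = "blackroots7.duckdns.org"
C2_PORT = 1104

# File signatures: RTF is plain text beginning with "{\rtf"; a legacy .doc is an OLE2 compound file.
RTF_MAGIC = b"{\\rtf"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def detect_format(data: bytes) -> str:
    """Classify a document by its leading bytes, ignoring the file extension."""
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension promises one format (.doc or .rtf) but the bytes say otherwise."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = {"doc": "ole2", "rtf": "rtf"}.get(ext)
    return expected is not None and detect_format(data) != expected


def hash_matches(data: bytes) -> dict:
    """Compare the MD5/SHA1/SHA256 of data against the report's hashes, one result per algorithm."""
    return {name: hashlib.new(name, data).hexdigest() == value
            for name, value in IOC_HASHES.items()}


# host:port tokens as they appear in proxy CONNECT or firewall log lines.
HOST_PORT_RE = re.compile(r"(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})")


def scan_log_lines(lines):
    """Return (line_number, port_or_None) for every line that references the C2 hostname.

    Matching is on the hostname alone, not on host:port, because duckdns.org is
    dynamic DNS and the operator can move the listener; the port is reported
    when the line carries one (proxy CONNECT) and left as None for DNS queries."""
    hits = []
    for n, line in enumerate(lines, 1):
        if C2_HOST not in line.lower():
            continue
        ports = [int(m.group("port")) for m in HOST_PORT_RE.finditer(line)
                 if m.group("host").lower() == C2_HOST]
        hits.append((n, ports[0] if ports else None))
    return hits


# Constructed sample log lines (not from the report): one DNS query, one proxy CONNECT to the C2, one benign line.
SAMPLE_LOG = [
    "2023-02-22T10:01:03Z dns query A blackroots7.duckdns.org from 10.0.0.14",
    "2023-02-22T10:01:04Z proxy CONNECT blackroots7.duckdns.org:1104 from 10.0.0.14 DENIED",
    "2023-02-22T10:01:09Z proxy CONNECT update.example.com:443 from 10.0.0.22 ALLOWED",
]

if __name__ == "__main__":
    # Constructed stand-in for the lure document: RTF bytes under a .doc name.
    lure_name = "Jiuwu Hi-tech Pricelist February 2023.doc"
    lure_bytes = b"{\\rtf1\\ansi constructed sample, not the real file}"
    print("format:", detect_format(lure_bytes),
          "extension mismatch:", extension_mismatch(lure_name, lure_bytes))
    print("hash matches:", hash_matches(lure_bytes))
    print("C2 hits (line, port):", scan_log_lines(SAMPLE_LOG))
```

Run it against the real sample by replacing `lure_bytes` with the file contents; `hash_matches` returns all-True only for the exact file the report analysed, while `detect_format` and `scan_log_lines` also apply to re-packed variants that share the C2 name.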