General
Target
Need Price No.34 10-03-2023.xlsx
Size
1.0MB
Sample
230310-qsynlaff3y
MD5
afd2e15a47dc9394c96f5e83078ea288
SHA1
b17977343c32004cc7e2f692fd04ee0ec3bea0b5
SHA256
c1158a1df03d75859f08f5e9f8909ea8bf5c63a6dbc78485d543dfa461cfe478
SHA512
04fe7fc6491f67a7aa52bfd1a9a47861ea555c3a68b5bf75b79727126cb8b9ff6b33d1dfff7797ff60cd4cf35f596f376348b053da230f44e62f2640be7ea1a9
SSDEEP
24576:9bvFPyNd0ViftpBbbnKpm7BYYnhyovhkfbXk/jj2HB:bPyNqif7VnK5Aysh8XmjKh
Static task
static1
Behavioral task
behavioral1
Sample
Need Price No.34 10-03-2023.xlsx
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Need Price No.34 10-03-2023.xlsx
Resource
win10v2004-20230220-en
Malware Config
Extracted
warzonerat
konkation.duckdns.org:6548
Targets
Score 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext