General
Target: KR22190.xlsx.exe
Size: 1.3MB
Sample: 230322-y69l1sdb4s
MD5: edc4d988e087a9a91f13d19df5dc7b00
SHA1: 716697f5e6e8c3b453ef06feea4aadf581f1929e
SHA256: 366d56c69b0267ee6ac2a27cc199911123ed7f511d3e54ac1c69f52236644e84
SHA512: eb0cf37543a8370e33ef76a9fb45f4143a90d841178b4a23cf16d65831f69b37e54e165b62afdbde61727ce66f0bc9b57e1e4138fd1c218ae6866458ba3fedc2
SSDEEP: 12288:Uw7JF3ADz1KGRbItXhuWw3L/2TN3SBP8WYXhuFvpmeFM8jdfA3zpWSzOgj:UqaIM72BiBUWFg0Mihm4Szr
Static task: static1
Behavioral task: behavioral1
Sample: KR22190.xlsx.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: KR22190.xlsx.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
warzonerat
45.137.116.170:5200
Targets
Target: KR22190.xlsx.exe
Score: 10/10
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Warzone RAT payload
Suspicious use of SetThreadContext