Overview

overview

10

Static

static

ReQUOTATIO...29.exe

windows7_x64

1

ReQUOTATIO...29.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ReQUOTATION_REQUEST20200829.exe

  • Size

    712KB

  • Sample

    200828-765px28e4j

  • MD5

    2114535592ff9c28d5bd897c10caada2

  • SHA1

    dd06260610bc0a4dbfcb0778cd4fdf703e10770e

  • SHA256

    30690dd57acb0fdd1b40b8985089381f463d9cc0601605782624283be72be025

  • SHA512

    c66835bd7c66a1c957f13257718dc36b8f94af8211995cf776b4dff97e1420bf2be926de64153e4ef6f6a96e8e05fe7d39611a6eb7d6c3b6f3b7f2cc8f3f7537

Score
10/10
warzoneratinfostealerratspyware

Malware Config

Targets

    • Target

      ReQUOTATION_REQUEST20200829.exe

    • Size

      712KB

    • MD5

      2114535592ff9c28d5bd897c10caada2

    • SHA1

      dd06260610bc0a4dbfcb0778cd4fdf703e10770e

    • SHA256

      30690dd57acb0fdd1b40b8985089381f463d9cc0601605782624283be72be025

    • SHA512

      c66835bd7c66a1c957f13257718dc36b8f94af8211995cf776b4dff97e1420bf2be926de64153e4ef6f6a96e8e05fe7d39611a6eb7d6c3b6f3b7f2cc8f3f7537

    Score
    10/10
    ratinfostealerwarzoneratspyware

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks