Overview

overview

10

Static

static

Contract A...nt.exe

windows7_x64

10

Contract A...nt.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Contract Agreement.exe

  • Size

    269KB

  • Sample

    201109-cv4dmklb1j

  • MD5

    a38372591737f530b778c116cb6e5c0a

  • SHA1

    410afd1494d6953c605260dc4d128d86d7728851

  • SHA256

    5c8962c65557bc5ae404143ad8d59911eb2e87fad327ae58f449b2f86cfdd63b

  • SHA512

    f1b5d10ac5d75854346fc0bacb715c75355d662eba5494c3821969a359e6c7f4de9c3df92bfb062383423c0ebdcd9c7ae1ee9ba208d129579203b29183fb4d94

Score
10/10
warzoneratinfostealerratrezer0

Malware Config

Targets

    • Target

      Contract Agreement.exe

    • Size

      269KB

    • MD5

      a38372591737f530b778c116cb6e5c0a

    • SHA1

      410afd1494d6953c605260dc4d128d86d7728851

    • SHA256

      5c8962c65557bc5ae404143ad8d59911eb2e87fad327ae58f449b2f86cfdd63b

    • SHA512

      f1b5d10ac5d75854346fc0bacb715c75355d662eba5494c3821969a359e6c7f4de9c3df92bfb062383423c0ebdcd9c7ae1ee9ba208d129579203b29183fb4d94

    Score
    10/10
    warzoneratinfostealerratrezer0

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks