Overview

overview

10

Static

static

catalogue_...ed.exe

windows7_x64

10

catalogue_...ed.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    catalogue_2021_samples_list_revised.exe

  • Size

    1.3MB

  • Sample

    210111-vk8d4nb2hn

  • MD5

    e273cbf8e92730099ee6eec6a983872e

  • SHA1

    61ff93049d83312f75dfb46ff3cf928a10950a5a

  • SHA256

    8fa012cc7bebb93ce19f2d74819faccf7ce9d7aad53c65373432d794726506e5

  • SHA512

    2dffe3d810b494b31c5adef6641a104b4937c265340fffd5441a8c3cbd20808848c2e3ff66dfcd97651592e2c74be148abd1a11963050d4b430785ef8cc97aed

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

52.146.42.226:5600

Targets

    • Target

      catalogue_2021_samples_list_revised.exe

    • Size

      1.3MB

    • MD5

      e273cbf8e92730099ee6eec6a983872e

    • SHA1

      61ff93049d83312f75dfb46ff3cf928a10950a5a

    • SHA256

      8fa012cc7bebb93ce19f2d74819faccf7ce9d7aad53c65373432d794726506e5

    • SHA512

      2dffe3d810b494b31c5adef6641a104b4937c265340fffd5441a8c3cbd20808848c2e3ff66dfcd97651592e2c74be148abd1a11963050d4b430785ef8cc97aed

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks