Overview

overview

10

Static

static

Leaked sex...EG.exe

windows7_x64

10

Leaked sex...EG.exe

windows10_x64

10

Analysis

  • max time kernel
    138s
  • max time network
    148s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Leaked sex Tape MT Govt -copy- JPEG.exe

  • Size

    296KB

  • MD5

    364e06fdc0046cc32b4a524d5aaf5a45

  • SHA1

    7655db23b8887da6da8c5be7f3378ac715afcb2b

  • SHA256

    cf6fc4b3a468d55d129b5289cde3faa6221f5ff683cd044822764e974b75fbd0

  • SHA512

    eab4b6c9dae3b8d69d71d97c8b86665e34d2fef1c2edf30b05b09bd7a545b35ee405a36195c0c510d670f9b4533e921056649747ee2d3f2c02f7d07eee907f20

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

dompe.awsmppl.com:4050

Signatures

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat
  • Warzone RAT Payload 3 IoCs
    rat
  • Drops startup file 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Leaked sex Tape MT Govt -copy- JPEG.exe
    "C:\Users\Admin\AppData\Local\Temp\Leaked sex Tape MT Govt -copy- JPEG.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:816
    • C:\Users\Admin\AppData\Local\Temp\Leaked sex Tape MT Govt -copy- JPEG.exe
      "C:\Users\Admin\AppData\Local\Temp\Leaked sex Tape MT Govt -copy- JPEG.exe"
      2⤵
        PID:1956
      • C:\Users\Admin\AppData\Local\Temp\Leaked sex Tape MT Govt -copy- JPEG.exe
        "C:\Users\Admin\AppData\Local\Temp\Leaked sex Tape MT Govt -copy- JPEG.exe"
        2⤵
          PID:3024

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/816-2-0x0000000074070000-0x000000007475E000-memory.dmp
        Filesize

        6.9MB

        Download
      • memory/816-3-0x0000000000380000-0x0000000000381000-memory.dmp
        Filesize

        4KB

        Download
      • memory/816-5-0x0000000005020000-0x0000000005021000-memory.dmp
        Filesize

        4KB

        Download
      • memory/816-6-0x0000000004C00000-0x0000000004C01000-memory.dmp
        Filesize

        4KB

        Download
      • memory/816-7-0x0000000004CA0000-0x0000000004CA1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/816-8-0x0000000004EE0000-0x0000000004EE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/816-9-0x0000000004E60000-0x0000000004E61000-memory.dmp
        Filesize

        4KB

        Download
      • memory/816-10-0x0000000004F60000-0x0000000004F8E000-memory.dmp
        Filesize

        184KB

        Download
      • memory/816-11-0x00000000055C0000-0x00000000055C1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/816-12-0x0000000005520000-0x0000000005521000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3024-13-0x0000000000400000-0x000000000041D000-memory.dmp
        Filesize

        116KB

        Download
      • memory/3024-14-0x0000000000405738-mapping.dmp
        Download
      • memory/3024-15-0x0000000000400000-0x000000000041D000-memory.dmp
        Filesize

        116KB

        Download