Overview

overview

10

Static

static

10

LOBIQ Proj...nt.exe

windows7_x64

3

LOBIQ Proj...nt.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LOBIQ Project Phase ii Procurement.exe

  • Size

    783KB

  • Sample

    210114-vktd7dgmdn

  • MD5

    8a219fc362244cc6d03a474d796ee04d

  • SHA1

    9edd648a7b263ee30ae981c652b6dcfcd8ffa959

  • SHA256

    a458562e508b49f6195292bc432a95ce03b2d48926441aea5c077f010cd965c3

  • SHA512

    befa2a251b7530ace0e85b60b0e3fbd0d195c3cbbfa8205b41202df671804a92d64050b15e7e64b4b10e183de520bb7093b961a4d3206e31477e2d8b4cfeeef8

Score
10/10
modiloaderwarzoneratinfostealerpersistencerat

Malware Config

Targets

    • Target

      LOBIQ Project Phase ii Procurement.exe

    • Size

      783KB

    • MD5

      8a219fc362244cc6d03a474d796ee04d

    • SHA1

      9edd648a7b263ee30ae981c652b6dcfcd8ffa959

    • SHA256

      a458562e508b49f6195292bc432a95ce03b2d48926441aea5c077f010cd965c3

    • SHA512

      befa2a251b7530ace0e85b60b0e3fbd0d195c3cbbfa8205b41202df671804a92d64050b15e7e64b4b10e183de520bb7093b961a4d3206e31477e2d8b4cfeeef8

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks