Overview

overview

10

Static

static

LnkxrWO6yvd9qaJ.exe

windows7_x64

10

LnkxrWO6yvd9qaJ.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LnkxrWO6yvd9qaJ.exe

  • Size

    537KB

  • Sample

    210115-v9538xm3vj

  • MD5

    a9933988c3f46eef0110f5d707581e80

  • SHA1

    776002c8099ed9648d4ced12ba06ca4314011ba3

  • SHA256

    a5493fcfa116bae23b26373c6aeec273c025be4798a14a2127dc134ba0b1c8b5

  • SHA512

    d28673ad2aad7ef222c469c0f2a0354f89cb3366fd41beb2b598a4690712dea9ebe14ab568ae76ae72cb076dbb1f962912827f8d2a64f1edee3c1ceb63b89504

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

185.222.58.156:5200

Targets

    • Target

      LnkxrWO6yvd9qaJ.exe

    • Size

      537KB

    • MD5

      a9933988c3f46eef0110f5d707581e80

    • SHA1

      776002c8099ed9648d4ced12ba06ca4314011ba3

    • SHA256

      a5493fcfa116bae23b26373c6aeec273c025be4798a14a2127dc134ba0b1c8b5

    • SHA512

      d28673ad2aad7ef222c469c0f2a0354f89cb3366fd41beb2b598a4690712dea9ebe14ab568ae76ae72cb076dbb1f962912827f8d2a64f1edee3c1ceb63b89504

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks