Overview

overview

10

Static

static

PO#11-1701...df.exe

windows7_x64

10

PO#11-1701...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO#11-17012021,pdf.exe

  • Size

    317KB

  • Sample

    210118-v29bbmr2rj

  • MD5

    883f037f8db0d45f1dab5dbd539326d2

  • SHA1

    ab9b5572188b37c10eed0b76163667494fb4cc57

  • SHA256

    b6d76a6dd8898fcd223678eec6835de53da6b2af1fc84c90dc502082eb6d8729

  • SHA512

    5336c34028c972118fe8f20ae6beee20ec92c5413450abfdef0a3033edb026ed714ed8bc19772440bc4184ec4385165382d5c8a1551abccebf79a2230349749f

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

206.123.129.103:4565

Targets

    • Target

      PO#11-17012021,pdf.exe

    • Size

      317KB

    • MD5

      883f037f8db0d45f1dab5dbd539326d2

    • SHA1

      ab9b5572188b37c10eed0b76163667494fb4cc57

    • SHA256

      b6d76a6dd8898fcd223678eec6835de53da6b2af1fc84c90dc502082eb6d8729

    • SHA512

      5336c34028c972118fe8f20ae6beee20ec92c5413450abfdef0a3033edb026ed714ed8bc19772440bc4184ec4385165382d5c8a1551abccebf79a2230349749f

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks