Overview

overview

10

Static

static

Acc Creden...om.exe

windows7_x64

10

Acc Creden...om.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Acc Credentials.com

  • Size

    209KB

  • Sample

    210119-b7kzm7x9me

  • MD5

    ad81d8d06828e2dc073ec600a761a1c2

  • SHA1

    dda67e41117b0dc2fd837380bdf6f29ebc01c001

  • SHA256

    67df8566558d9eab83c820ba7cc28cdcb92f1d9e4211a1205c80a5b63ef9cd54

  • SHA512

    67118971c10109ef89951f833c64610c08dedeecf16670bf3436352b1b4f45afb5cbaf99397cd6543e493719f9f0524b23677d54d266bc9bfb07c5368b3ddf14

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Extracted

Family

warzonerat

C2

iphanyi.mywire.org:5552

Targets

    • Target

      Acc Credentials.com

    • Size

      209KB

    • MD5

      ad81d8d06828e2dc073ec600a761a1c2

    • SHA1

      dda67e41117b0dc2fd837380bdf6f29ebc01c001

    • SHA256

      67df8566558d9eab83c820ba7cc28cdcb92f1d9e4211a1205c80a5b63ef9cd54

    • SHA512

      67118971c10109ef89951f833c64610c08dedeecf16670bf3436352b1b4f45afb5cbaf99397cd6543e493719f9f0524b23677d54d266bc9bfb07c5368b3ddf14

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks