Overview

overview

10

Static

static

20210007 P...er.exe

windows7_x64

10

20210007 P...er.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20210007 Purchase Order.exe

  • Size

    866KB

  • Sample

    210119-srmhchlm22

  • MD5

    2cb1e8b8664b60243ae9d779d722f15b

  • SHA1

    68189a8354d045a0dc176e8580fe0974a393cdb7

  • SHA256

    de752497070302674c9ff806fc9c905d9ca2db93d8d6241d4849da79394fe172

  • SHA512

    0790c9577f4b19280e3f3ee6eb4f397b4cc368c9bf82b8364760939c0dfcfd53b7aa7cb3beb3b469f6fde87a235e858c3f8cffa46d0c035a5697ad5a2a4c27b7

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

52.146.42.226:5600

Targets

    • Target

      20210007 Purchase Order.exe

    • Size

      866KB

    • MD5

      2cb1e8b8664b60243ae9d779d722f15b

    • SHA1

      68189a8354d045a0dc176e8580fe0974a393cdb7

    • SHA256

      de752497070302674c9ff806fc9c905d9ca2db93d8d6241d4849da79394fe172

    • SHA512

      0790c9577f4b19280e3f3ee6eb4f397b4cc368c9bf82b8364760939c0dfcfd53b7aa7cb3beb3b469f6fde87a235e858c3f8cffa46d0c035a5697ad5a2a4c27b7

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks