Overview

overview

10

Static

static

SHIPPING D...TS.exe

windows7_x64

10

SHIPPING D...TS.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SHIPPING DOCUMENTS.exe

  • Size

    893KB

  • Sample

    210119-y8ag957ate

  • MD5

    954ab9aadb3927539440b2e50cc6fc14

  • SHA1

    5cca431b044071b3a44cea641abd59837eb60277

  • SHA256

    56a2197cef63d3768d8a21986261f24dc94571b06786a093253a161857b821c4

  • SHA512

    c0f78e2b1b26652b4c52c66d655cdd4fc5c43826d498eda276a189b83293bcfdc2ee0a4e24e693b78c816e6cec4039876e9a5bc16f77b30495548ea1f295c58d

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

20.190.63.69:8600

Targets

    • Target

      SHIPPING DOCUMENTS.exe

    • Size

      893KB

    • MD5

      954ab9aadb3927539440b2e50cc6fc14

    • SHA1

      5cca431b044071b3a44cea641abd59837eb60277

    • SHA256

      56a2197cef63d3768d8a21986261f24dc94571b06786a093253a161857b821c4

    • SHA512

      c0f78e2b1b26652b4c52c66d655cdd4fc5c43826d498eda276a189b83293bcfdc2ee0a4e24e693b78c816e6cec4039876e9a5bc16f77b30495548ea1f295c58d

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks