Overview

overview

10

Static

static

f8bb59b31d...c7.exe

windows7_x64

10

f8bb59b31d...c7.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8bb59b31d3c499175097b82261b76c7.exe

  • Size

    889KB

  • Sample

    210120-2p74kanc4n

  • MD5

    f8bb59b31d3c499175097b82261b76c7

  • SHA1

    55e04ce47ec557644fd5090c6b8eca08fc40f5ac

  • SHA256

    697a598f8ed9e8d8ca308a2472e712420d116e48db95d4a0cd69495242f47e2f

  • SHA512

    751e84ea0c212714f17fc1e1a3a61bcd86bccf16986ccce7f77452f1f775f539facaa97adbce88b94af784ada6c44747244fd80b3c3262d2a371a83103415cc5

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.79:5300

Targets

    • Target

      f8bb59b31d3c499175097b82261b76c7.exe

    • Size

      889KB

    • MD5

      f8bb59b31d3c499175097b82261b76c7

    • SHA1

      55e04ce47ec557644fd5090c6b8eca08fc40f5ac

    • SHA256

      697a598f8ed9e8d8ca308a2472e712420d116e48db95d4a0cd69495242f47e2f

    • SHA512

      751e84ea0c212714f17fc1e1a3a61bcd86bccf16986ccce7f77452f1f775f539facaa97adbce88b94af784ada6c44747244fd80b3c3262d2a371a83103415cc5

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks