Overview

overview

10

Static

static

CLEW enqui...DF.exe

windows7_x64

10

CLEW enqui...DF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CLEW enquiry 2021.PDF.exe

  • Size

    472KB

  • Sample

    210315-2bd7sw8c4j

  • MD5

    4387f93e0d45409c4397bc25312ac979

  • SHA1

    0f02a839cdac526bd40d7fb62f792947f2ffe76b

  • SHA256

    f92db9d719cb7053b1b814f4a3a31c30572e83dd51b549da36d32b473361c30a

  • SHA512

    54f6761a0bcd495a8c7d6fe31859271515044fe9750df726bd7f51045f03450481f015152ba06b39adc3852ea1f129fadaab4a9634b200d91d3d22aca4da1ccf

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

79.134.225.26:3141

Targets

    • Target

      CLEW enquiry 2021.PDF.exe

    • Size

      472KB

    • MD5

      4387f93e0d45409c4397bc25312ac979

    • SHA1

      0f02a839cdac526bd40d7fb62f792947f2ffe76b

    • SHA256

      f92db9d719cb7053b1b814f4a3a31c30572e83dd51b549da36d32b473361c30a

    • SHA512

      54f6761a0bcd495a8c7d6fe31859271515044fe9750df726bd7f51045f03450481f015152ba06b39adc3852ea1f129fadaab4a9634b200d91d3d22aca4da1ccf

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks