CLEW enquiry 2021.PDF.exe

General
Target

CLEW enquiry 2021.PDF.exe

Size

472KB

Sample

210315-2bd7sw8c4j

Score

10/10
MD5

4387f93e0d45409c4397bc25312ac979

SHA1

0f02a839cdac526bd40d7fb62f792947f2ffe76b

SHA256

f92db9d719cb7053b1b814f4a3a31c30572e83dd51b549da36d32b473361c30a

SHA512

54f6761a0bcd495a8c7d6fe31859271515044fe9750df726bd7f51045f03450481f015152ba06b39adc3852ea1f129fadaab4a9634b200d91d3d22aca4da1ccf

Malware Config

Extracted

Family warzonerat
C2

79.134.225.26:3141

Targets
Target

CLEW enquiry 2021.PDF.exe

Tags

Signatures

  • WarzoneRat, AveMaria

    Description

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactic columns shown (no techniques were mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1 - 10/10

behavioral2 - 10/10