payment proof.png.exe

General
Target: payment proof.png.exe
Size: 489KB
Sample: 210315-lf8ftmjgqn
Score: 10/10
MD5: fb629e1391366b36827b6982c93da4c3
SHA1: 3480ddeb9862c6ec1a19349b4fb248e89fc8b040
SHA256: 87783bb0a6d5e2846ba2b5e097fe49b9dafe36995916908fdb11e5170e81ac00
SHA512: 8edbaa68c89dcf6c4d69b54bdb8dbbb91c4d24d94f118f7f8037c34d68356dbaab360cab3fcb51738c155c37c75bc9c26ef9ed6a0119e41b154fb39d03c33538

Malware Config
Extracted
Family: warzonerat
C2: 79.134.225.26:3141

Targets
Target: payment proof.png.exe
MD5: fb629e1391366b36827b6982c93da4c3
Filesize: 489KB
Score: 10/10
SHA1: 3480ddeb9862c6ec1a19349b4fb248e89fc8b040
SHA256: 87783bb0a6d5e2846ba2b5e097fe49b9dafe36995916908fdb11e5170e81ac00
SHA512: 8edbaa68c89dcf6c4d69b54bdb8dbbb91c4d24d94f118f7f8037c34d68356dbaab360cab3fcb51738c155c37c75bc9c26ef9ed6a0119e41b154fb39d03c33538

Tags

Signatures

  • WarzoneRat, AveMaria
    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as Malware-as-a-Service (MaaS).

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix: tactic column headers only (Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation); no techniques are listed in this report.
Tasks
  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10