Overview

overview

10

Static

static

klz4gyUavm3BYrK.exe

windows7_x64

10

klz4gyUavm3BYrK.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    C28 - 35782025 BLUELINXCO RFQ.rar

  • Size

    540KB

  • Sample

    210401-928kk43hqx

  • MD5

    52295215fd5627afbeb874714e5fdff6

  • SHA1

    682ade1077155b7d506da86609f03aab3d1fad30

  • SHA256

    c9f757de37c9f8092ff3dbaba6b0adfecd5b97e5f3bb521647f4290918a4bc0d

  • SHA512

    3723d7ba0fe2b28a7c68e3dc14208c8706d1ac8297f86701d250116acf3874fa0d06efac2d77662b3bdb96b24de35f5e0998623d949cc1e341a2ec7612e72058

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

genasispony.hopto.org:4477

Targets

    • Target

      klz4gyUavm3BYrK.exe

    • Size

      589KB

    • MD5

      a4f1d30c779341883a5aa160f647eea6

    • SHA1

      64b7e6d3afe4c776c7ce70451e9f02ffaa1e1aec

    • SHA256

      f1b5c3f7c1ee438590757e114f1c379f6c3d5fc7b349cad583976106737beb61

    • SHA512

      995027ec72c69dc4ce81ef07d7f3c4106f9e1fc9301dce02336fe5c99c1e941716f2e76c3d80e488368af6ea5a61eb024bd779a605e71eba1a6a4afc48257b63

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks