General

  • Target

    Fedex Notification.exe

  • Size

    79KB

  • Sample

    210404-64fwfe97mn

  • MD5

    4153b601fc1dd6537b6997bce512e0f1

  • SHA1

    a263ed16f03b04d0853f3686af841f496537dd23

  • SHA256

    5242c4552e512707dbeb3b004cb441cc140b6cfe813a4d6532f4adec03bcb23c

  • SHA512

    bede3b453dc9c7453af4d8eff5ef77f32afbc7265d72c15f3a4945d4e726e6c6e77aafb8bd9a537db5a26940d15fc79cc203510b4a9cd1f16e5f6da3f0bfaa77

Malware Config

Extracted

Family

warzonerat

C2

103.199.17.185:5200
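To turn the extracted config and hashes into something a responder can run, the following is an added IOC sweep (example code, not part of the sandbox report): it compares files against the three reported digests and flags connections to the reported C2. The hashes and the C2 address are copied from the report; the connection log and its Zeek conn.log-style tab-separated layout (ts, uid, src, sport, dst, dport, proto) are constructed assumptions for the demonstration.

```python
"""IOC sweep built from the WarzoneRAT report above (added example, not report code)."""
import hashlib
import ipaddress
from pathlib import Path

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "4153b601fc1dd6537b6997bce512e0f1",
    "sha1": "a263ed16f03b04d0853f3686af841f496537dd23",
    "sha256": "5242c4552e512707dbeb3b004cb441cc140b6cfe813a4d6532f4adec03bcb23c",
}
C2 = "103.199.17.185:5200"

# Constructed test log (not from the report). Assumed Zeek conn.log-like columns:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1617530401.123\tCxyZ1\t10.0.0.15\t49812\t103.199.17.185\t5200\ttcp
1617530402.456\tCabC2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp
1617530403.789\tCdeF3\t10.0.0.22\t51000\t103.199.17.185\t80\ttcp
"""


def parse_c2(spec: str) -> tuple:
    """Split 'ip:port' into (ip, port), rejecting malformed IPs and ports."""
    host, _, port = spec.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of data, keyed like SAMPLE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data: bytes, iocs: dict = SAMPLE_HASHES) -> list:
    """Algorithms whose digest of data equals the known-bad value.

    Any single match is a hit. A re-packed or padded copy of the same RAT
    changes all three digests, so an empty list is not a clean verdict.
    """
    digests = hash_bytes(data)
    return [alg for alg, bad in iocs.items() if digests.get(alg) == bad.lower()]


def sweep_directory(root, iocs: dict = SAMPLE_HASHES) -> list:
    """Paths under root whose content matches any IOC hash (files read whole)."""
    return [
        str(p) for p in Path(root).rglob("*")
        if p.is_file() and matches_sample(p.read_bytes(), iocs)
    ]


def find_c2_connections(lines, c2: str = C2) -> list:
    """Flag every connection to the C2 host; 'exact' marks the reported port.

    Traffic to the same host on another port is still reported, since a
    port change is a cheap way to slip past a host:port-only indicator.
    """
    c2_host, c2_port = parse_c2(c2)
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        ts, uid, src, _sport, dst, dport, proto = fields[:7]
        if dst == c2_host:
            hits.append({
                "ts": ts, "uid": uid, "src": src, "dst": dst,
                "dport": int(dport), "proto": proto,
                "exact": int(dport) == c2_port,
            })
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG.splitlines()):
        print(hit)
```

Run against a real conn.log, every record with `id.resp_h` equal to the C2 is returned, and `exact` tells you whether the port matches the extracted config; the hash check is only useful for this exact 79KB binary, so treat the C2 address as the more durable indicator of the two.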

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                            Count  ID
  Persistence           Modify Existing Service                  1  T1031
  Persistence           Registry Run Keys / Startup Folder       1  T1060
  Privilege Escalation  Bypass User Account Control              1  T1088
  Defense Evasion       Modify Registry                          8  T1112
  Defense Evasion       Disabling Security Tools                 5  T1089
  Defense Evasion       Bypass User Account Control              1  T1088
  Defense Evasion       Install Root Certificate                 1  T1130
  Discovery             System Information Discovery             2  T1082

T1088 appears twice because ATT&CK v6 lists UAC bypass under both Privilege Escalation and Defense Evasion. These are v6 identifiers; in current ATT&CK they map to T1543.003 (T1031), T1547.001 (T1060), T1548.002 (T1088), T1562.001 (T1089) and T1553.004 (T1130), while T1112 and T1082 are unchanged.
