Overview

overview

10

Static

static

Arifashaya...FQ.exe

windows7_x64

10

Arifashaya...FQ.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Arifashayan_2020_06_04_RFQ.exe

  • Size

    734KB

  • Sample

    210407-gks3q4hkcj

  • MD5

    3bdd9fe778002e20e2db0830a6199bb7

  • SHA1

    9b9b32127c5bb8b99902cd8abfe857903087a2b3

  • SHA256

    757d6be9f53d159e382e9b82a4baa567d4a8173b30ccd788234f4afb5db16eba

  • SHA512

    a581d78bc1e744821274c32810ae09eb187c2bc7356c8789310c36282bb04148d623c3a27fc15f10c18c64927eb07f4230ee0b5721004765a7e1a480f0c0269b

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

genasispony.hopto.org:4477

Targets

    • Target

      Arifashayan_2020_06_04_RFQ.exe

    • Size

      734KB

    • MD5

      3bdd9fe778002e20e2db0830a6199bb7

    • SHA1

      9b9b32127c5bb8b99902cd8abfe857903087a2b3

    • SHA256

      757d6be9f53d159e382e9b82a4baa567d4a8173b30ccd788234f4afb5db16eba

    • SHA512

      a581d78bc1e744821274c32810ae09eb187c2bc7356c8789310c36282bb04148d623c3a27fc15f10c18c64927eb07f4230ee0b5721004765a7e1a480f0c0269b

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks