Overview

overview

10

Static

static

POVdRnvBDNdZ0tZ.exe

windows7_x64

10

POVdRnvBDNdZ0tZ.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    POVdRnvBDNdZ0tZ.exe

  • Size

    727KB

  • Sample

    210407-necsrhxg4j

  • MD5

    9710a8a9857b099694317f05c4da703e

  • SHA1

    3faa03b1a2f63f42008c0a736b8faad86f114f5e

  • SHA256

    d266e212f266cc2c64e151d3543e34beaed2a3666fa215c2a88d8a042b6e9a4a

  • SHA512

    e9efa72bc615bc66a1747bd4db1a979a5f70eee68e859d0d807f26b5f11018000ac4b4d953d1133a3a719dd53cf4ea1710da9a37f2da3f95f88e0cd163a50efc

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

genasispony.hopto.org:4477

Targets

    • Target

      POVdRnvBDNdZ0tZ.exe

    • Size

      727KB

    • MD5

      9710a8a9857b099694317f05c4da703e

    • SHA1

      3faa03b1a2f63f42008c0a736b8faad86f114f5e

    • SHA256

      d266e212f266cc2c64e151d3543e34beaed2a3666fa215c2a88d8a042b6e9a4a

    • SHA512

      e9efa72bc615bc66a1747bd4db1a979a5f70eee68e859d0d807f26b5f11018000ac4b4d953d1133a3a719dd53cf4ea1710da9a37f2da3f95f88e0cd163a50efc

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks