Overview

overview

10

Static

static

SecuriteIn...43.exe

windows7_x64

1

SecuriteIn...43.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Trojan.Packed.24465.12290.29943

  • Size

    129KB

  • Sample

    210412-3q7evv6jmj

  • MD5

    84316bd8a6b69472115faadfc446253f

  • SHA1

    03c9c3263f71654173e55c7074434a75f487f2b7

  • SHA256

    6d33f52ccba4dfd0f6ae6559d49f85bfbdb94560dc321cd09defa7d1278773cf

  • SHA512

    f41d95d145739bc6688e04591db864c2e78cada2570d05364bdf3289fb466ce734dbb419662e3c8cae4b73f0da7113c7782a6a415791b7b1d8e3db0996680ad0

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

148.251.48.16:5200

Targets

    • Target

      SecuriteInfo.com.Trojan.Packed.24465.12290.29943

    • Size

      129KB

    • MD5

      84316bd8a6b69472115faadfc446253f

    • SHA1

      03c9c3263f71654173e55c7074434a75f487f2b7

    • SHA256

      6d33f52ccba4dfd0f6ae6559d49f85bfbdb94560dc321cd09defa7d1278773cf

    • SHA512

      f41d95d145739bc6688e04591db864c2e78cada2570d05364bdf3289fb466ce734dbb419662e3c8cae4b73f0da7113c7782a6a415791b7b1d8e3db0996680ad0

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Executes dropped EXE

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks