Overview

overview

10

Static

static

dafa.exe

windows7_x64

10

dafa.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dafa.exe

  • Size

    349KB

  • Sample

    210507-vxbfx28n36

  • MD5

    620239d356bc0af1c8dd8846a2613424

  • SHA1

    0d3d341acc603593c8e060220e5e5046f987c065

  • SHA256

    9479384c915a5bf368753c99a365ac15a21652ee21bd5db5ccff32c6deb899f4

  • SHA512

    09b90b0f81f8d43ff793c606a320dbaf5fb51403ea8926be5dce42b117169bc36d71e3b500746ee71313c53a302cdeee590066d025927bb804ad8b9cc5ef0ea2

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

santzo.warzonedns.com:5201

Targets

    • Target

      dafa.exe

    • Size

      349KB

    • MD5

      620239d356bc0af1c8dd8846a2613424

    • SHA1

      0d3d341acc603593c8e060220e5e5046f987c065

    • SHA256

      9479384c915a5bf368753c99a365ac15a21652ee21bd5db5ccff32c6deb899f4

    • SHA512

      09b90b0f81f8d43ff793c606a320dbaf5fb51403ea8926be5dce42b117169bc36d71e3b500746ee71313c53a302cdeee590066d025927bb804ad8b9cc5ef0ea2

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks