Overview

overview

10

Static

static

comprobant...go.exe

windows7_x64

1

comprobant...go.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    comprobante de pago.exe

  • Size

    961KB

  • Sample

    210611-bshw86dhae

  • MD5

    3ac88ff8e263df94911300adad7701f9

  • SHA1

    288c584783bcabeed05d36ca0f6fb34eaa6c6412

  • SHA256

    142dbdbec076e4c94c9d01c7dbdd31ccf6947cceb9afebe92fb3d2e06d527603

  • SHA512

    9cc8480aa2afb9e18cc40124afe4b92e1026ab26ba46f9ab7606cfd4cd02e1b1d69aeb8299ccee5a35c2d73018859ed96c8b792f58d30aabf3f99729e47a0e37

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Extracted

Family

warzonerat

C2

ontmintuejio.sytes.net:5285

Targets

    • Target

      comprobante de pago.exe

    • Size

      961KB

    • MD5

      3ac88ff8e263df94911300adad7701f9

    • SHA1

      288c584783bcabeed05d36ca0f6fb34eaa6c6412

    • SHA256

      142dbdbec076e4c94c9d01c7dbdd31ccf6947cceb9afebe92fb3d2e06d527603

    • SHA512

      9cc8480aa2afb9e18cc40124afe4b92e1026ab26ba46f9ab7606cfd4cd02e1b1d69aeb8299ccee5a35c2d73018859ed96c8b792f58d30aabf3f99729e47a0e37

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks