Overview

overview

10

Static

static

PDF.exe

windows7_x64

10

PDF.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PDF.exe

  • Size

    807KB

  • Sample

    210702-svtper3aka

  • MD5

    1032e6ffdbb406b3ee80d7c50989e2b5

  • SHA1

    fb63c770ba76d25f181be481acef62aa2cf5f82c

  • SHA256

    be38a69081db308b628205a8d3bf1053120da733b05f38ac497a295723d2b29f

  • SHA512

    bd5203164dd2a966c1db164f6d472615932a673d7be6105c5c36a130e1bb7582e4a9a479833ecbc102c36a5786ef1e459b8eec944beb8cdf51c763078a2923f3

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

185.157.160.215:2211

Targets

    • Target

      PDF.exe

    • Size

      807KB

    • MD5

      1032e6ffdbb406b3ee80d7c50989e2b5

    • SHA1

      fb63c770ba76d25f181be481acef62aa2cf5f82c

    • SHA256

      be38a69081db308b628205a8d3bf1053120da733b05f38ac497a295723d2b29f

    • SHA512

      bd5203164dd2a966c1db164f6d472615932a673d7be6105c5c36a130e1bb7582e4a9a479833ecbc102c36a5786ef1e459b8eec944beb8cdf51c763078a2923f3

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks