Overview

overview

10

Static

static

be38a69081...9f.exe

windows7_x64

7

be38a69081...9f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be38a69081db308b628205a8d3bf1053120da733b05f38ac497a295723d2b29f (2).zip

  • Size

    519KB

  • Sample

    210704-qffk2pmfca

  • MD5

    5d8a7c0f5037b80a077f735e88d4b045

  • SHA1

    8605ff55a20a6eeefee69b1a8b4eddb1a143220c

  • SHA256

    e39e81961661f0e514b2bea8f22075ab57cf4fdc12653ecc31fdf8603089c160

  • SHA512

    7f16a5a98c3e46fe774d6b887263daa2d78bc636ae4e014471ff55de5cda578263dd81fc485f858b1d01ef0c6637cbcff68c5a30dc534f9de177fe6e592a34ae

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

185.157.160.215:2211

Targets

    • Target

      be38a69081db308b628205a8d3bf1053120da733b05f38ac497a295723d2b29f.exe

    • Size

      807KB

    • MD5

      1032e6ffdbb406b3ee80d7c50989e2b5

    • SHA1

      fb63c770ba76d25f181be481acef62aa2cf5f82c

    • SHA256

      be38a69081db308b628205a8d3bf1053120da733b05f38ac497a295723d2b29f

    • SHA512

      bd5203164dd2a966c1db164f6d472615932a673d7be6105c5c36a130e1bb7582e4a9a479833ecbc102c36a5786ef1e459b8eec944beb8cdf51c763078a2923f3

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks