Overview

overview

10

Static

static

1

Shipping_D...in.exe

windows7_x64

10

Shipping_D...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipping_Document.bin.zip

  • Size

    158KB

  • Sample

    210706-jdqtwnz9rn

  • MD5

    41272e28557b97c33eadda7ac9369018

  • SHA1

    757c1c0d4973491b6d0c0dd8eaaf7f4ba980f0b4

  • SHA256

    a1243a38330795199e8f5fd90b3225a6ba40dd5f2b899a621babefa4f293fb06

  • SHA512

    b3337e62cc4afffcc417448344f77d015c2e0e7e78845d76fa9252859219fbe9486d39fe93f9c3c16d4e3889024d38c4cb12dac0e09bf01f48db331773111022

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

sipex2021.ddns.net:6397

Targets

    • Target

      Shipping_Document.bin

    • Size

      172KB

    • MD5

      2582f47250f2f04af9f177806c815b27

    • SHA1

      efd4dc08e17ab0045d459741c06253e2ff874a48

    • SHA256

      b342f081e96f0e433e6caf6fb87fe7f390bd134e1e9e8f53676af8a95391e77b

    • SHA512

      d0bc8d3055431d2a5e6188bb07bfdb1925d403dc51bec5fdf5c2a105e0240ced3196d5c3b87756150c8e4b247ddf7bef25ff2eafb2afab125da31d0b3462058f

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks