Overview

overview

10

Static

static

e6b478f5fc...e3.exe

windows7_x64

10

e6b478f5fc...e3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e6b478f5fc73dc7318854399abf505e3.exe

  • Size

    908KB

  • Sample

    210712-ph3743epr2

  • MD5

    e6b478f5fc73dc7318854399abf505e3

  • SHA1

    802fb03026a04b4027c3ff7fdf521d08195f8163

  • SHA256

    99f6194509980cce34f244d9dbca6d6931f47a02361db73e0f2fc1fa103c997b

  • SHA512

    9f94e00e1b30130e06749868dc5e492b74f47a67169b5e064ab09fc51fba01e4583adf0b3e730852bba272cfb6d7395f8d6c0078addb59f4b6cdd3c1874ae3d4

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

byx.z86.ru:5200

Targets

    • Target

      e6b478f5fc73dc7318854399abf505e3.exe

    • Size

      908KB

    • MD5

      e6b478f5fc73dc7318854399abf505e3

    • SHA1

      802fb03026a04b4027c3ff7fdf521d08195f8163

    • SHA256

      99f6194509980cce34f244d9dbca6d6931f47a02361db73e0f2fc1fa103c997b

    • SHA512

      9f94e00e1b30130e06749868dc5e492b74f47a67169b5e064ab09fc51fba01e4583adf0b3e730852bba272cfb6d7395f8d6c0078addb59f4b6cdd3c1874ae3d4

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks