Overview

overview

10

Static

static

dd10f0c6c5...12.exe

windows7_x64

10

dd10f0c6c5...12.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd10f0c6c5a43d2280e8ae8b610b8912.exe

  • Size

    465KB

  • Sample

    210713-kcqw8klw4a

  • MD5

    dd10f0c6c5a43d2280e8ae8b610b8912

  • SHA1

    7f5c5806316149520f1c34ea22178ee3ee62dc72

  • SHA256

    538b973f12e7eb9390b9b64cb36818b73b139bee73af7d5c7b8c5d72a0dc037a

  • SHA512

    cab30d141ee3e71039f28dfea38474bac6127284cb7c885156943124023db498050555a3b6b409a45b2657fb04f24efc5aa3032e7f8162c2340ca95d7ba4651e

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

byx.z86.ru:5200

Targets

    • Target

      dd10f0c6c5a43d2280e8ae8b610b8912.exe

    • Size

      465KB

    • MD5

      dd10f0c6c5a43d2280e8ae8b610b8912

    • SHA1

      7f5c5806316149520f1c34ea22178ee3ee62dc72

    • SHA256

      538b973f12e7eb9390b9b64cb36818b73b139bee73af7d5c7b8c5d72a0dc037a

    • SHA512

      cab30d141ee3e71039f28dfea38474bac6127284cb7c885156943124023db498050555a3b6b409a45b2657fb04f24efc5aa3032e7f8162c2340ca95d7ba4651e

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks