Overview

overview

10

Static

static

EMTECH IPH GROUP.exe

windows7_x64

10

EMTECH IPH GROUP.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EMTECH IPH GROUP.exe

  • Size

    62KB

  • Sample

    210720-rhhq97x1rj

  • MD5

    4b3470167aed6f5cba3103b3abaaa7c4

  • SHA1

    6282b6635b89c19086e7e77aa508aa3f484b3e6e

  • SHA256

    caf865d460e97d3f1043fdade9be954436bb158f6101d3598d1334acfef400d3

  • SHA512

    8dd0e0ec717afd64255c47424682d642b670d4c8d75deb169a9b433807d23651e79e94b7f78f8d954c19abd99aa332204c2f86df6af98928d2d8b0f0de3e6a8d

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

185.157.160.215:2211

Targets

    • Target

      EMTECH IPH GROUP.exe

    • Size

      62KB

    • MD5

      4b3470167aed6f5cba3103b3abaaa7c4

    • SHA1

      6282b6635b89c19086e7e77aa508aa3f484b3e6e

    • SHA256

      caf865d460e97d3f1043fdade9be954436bb158f6101d3598d1334acfef400d3

    • SHA512

      8dd0e0ec717afd64255c47424682d642b670d4c8d75deb169a9b433807d23651e79e94b7f78f8d954c19abd99aa332204c2f86df6af98928d2d8b0f0de3e6a8d

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks