General

  • Target

    60bb544289cfeb878cf212268ad90d9b.exe

  • Size

    113KB

  • Sample

    210721-bylkdsywh6

  • MD5

    60bb544289cfeb878cf212268ad90d9b

  • SHA1

    894de031e4cd521c10739650d56d8527c66b6655

  • SHA256

    88172a45ab45c79f77b1a560dea8fcbb0ca7db792ca3d77e513e190dffc2a7f0

  • SHA512

    e39c040150665f18e2638436e62f2efd282e5c8945b18ae7ab5fb506db6178892525478e38a6269c2e0dead296eaaf189052e3b15743afedbd93eb71790134e6

Malware Config

Extracted

  Family: warzonerat

  C2: trenchesrelax.duckdns.org:302

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT written in C++ that ships with multiple plugins and is sold as malware-as-a-service (MaaS).

    • Warzone RAT Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access

  Credentials in Files (T1081): 1

Collection

  Data from Local System (T1005): 1