60bb544289cfeb878cf212268ad90d9b.exe

General
Target

60bb544289cfeb878cf212268ad90d9b.exe

Size

113KB

Sample

210721-qbzsln3yee

Score

10/10

MD5

60bb544289cfeb878cf212268ad90d9b

SHA1

894de031e4cd521c10739650d56d8527c66b6655

SHA256

88172a45ab45c79f77b1a560dea8fcbb0ca7db792ca3d77e513e190dffc2a7f0

SHA512

e39c040150665f18e2638436e62f2efd282e5c8945b18ae7ab5fb506db6178892525478e38a6269c2e0dead296eaaf189052e3b15743afedbd93eb71790134e6

Malware Config

Extracted

Family

warzonerat

C2

trenchesrelax.duckdns.org:302

Targets

Signatures

  • WarzoneRat, AveMaria

    Description

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

  • Warzone RAT Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials, among other data.

    TTPs

    Data from Local System; Credentials in Files
