Urgent_request_for_quotation.exe

General

Target: Urgent_request_for_quotation.exe
Size: 736KB
Sample: 210722-m7gtsajc22
Score: 10/10
MD5: 392c8ecd4e0adeffe68d8365a4834bc1
SHA1: 7e84b2d4cb21efa0324c956ff7f7d5c12fbb586f
SHA256: 6cd9680a21d7f13a34e111c1f9e645b1b657b8b7e13ce16deddfee2b003f7579
SHA512: 891dd53d7f3ffd1811fbf5b7bb2e3a645c9fe7294957bb0c46e0f45ece8566226904c69e20d3174ce5de33b5932b9c7d5ae18f333d78f0f9ef862d27a253f2f9

Malware Config

Extracted

Family: warzonerat
C2: 79.134.225.8:8654

Signatures

  • WarzoneRat, AveMaria
    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1
Score: 10/10