Overview

overview

10

Static

static

Statement ...78.exe

windows7_x64

1

Statement ...78.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Statement SKBMT 01078.exe

  • Size

    1.1MB

  • Sample

    210723-4hvsm71wmx

  • MD5

    2ac95d271159084b2f3f66ebe2fc1318

  • SHA1

    70c8964080fef2993c9a3f4cb3f6f9c8a0e10f54

  • SHA256

    af96538d76a53512e82dbb6683578b7d44577307722d1c9291cf047f5f471334

  • SHA512

    0619dbaa146a64851bd24c7afd04bbaf2c23e002e10a9f83a306079c6edff0e876c32c60e4fc74de64b05dd74aa24b27810572b18efdc4878426a82840649105

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

202.55.132.213:7744

Targets

    • Target

      Statement SKBMT 01078.exe

    • Size

      1.1MB

    • MD5

      2ac95d271159084b2f3f66ebe2fc1318

    • SHA1

      70c8964080fef2993c9a3f4cb3f6f9c8a0e10f54

    • SHA256

      af96538d76a53512e82dbb6683578b7d44577307722d1c9291cf047f5f471334

    • SHA512

      0619dbaa146a64851bd24c7afd04bbaf2c23e002e10a9f83a306079c6edff0e876c32c60e4fc74de64b05dd74aa24b27810572b18efdc4878426a82840649105

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks