QUOTATION-007222021.exe

General

Target: QUOTATION-007222021.exe
Size: 2MB
Sample: 210723-78zd62l2yj
Score: 10/10
MD5: 4b25ce6286e4db04124b13ad0227fd77
SHA1: 53ce201bab5c1de3ab8ce4bf2a89eec54fa25a05
SHA256: 4d787dca4719a668ec0cca721a93a2ae6b6135a2ddde4f75f2b8b790fb19cc3b
SHA512: d245418614f02e6aefc59e9fa24a82827a09bc0150e89b1ff21e89c4c75d75bf14527ec0b8720e5ecce80b5ab8b1651c14b15d0c7786c0c47d123e8c5cd0bdc3

Malware Config

Extracted

Family: warzonerat
C2: 194.5.97.145:9976

Targets
Target

QUOTATION-007222021.exe

Signatures

  • WarzoneRat, AveMaria

    Description

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

  • Warzone RAT Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation