5b05e594d319f6d70ac64e5516623e00

General

Target: 5b05e594d319f6d70ac64e5516623e00
Size: 246KB
Sample: 210723-ajd9n1spr2
Score: 10/10
MD5: 5b05e594d319f6d70ac64e5516623e00
SHA1: 106e4355f90abce23844b75d6b6349a0caf3667c
SHA256: 1a23d8fe69766ecb6f3c71a5bc952e7636d4b6522d2975491622816235e63171
SHA512: b796155db0fc285daec4ea9e05414f1ad5264a3ed385e782e6f3fdde90531a89e647320f7a8accbe348657af0dabd28de107240bf3a8caf921997c2901055334

Malware Config (extracted)

Family: warzonerat
C2: desireblex.ddns.net:5490

Signatures

  • WarzoneRat, AveMaria
    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

  • Warzone RAT Payload

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.
    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns)

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation