QUOTATION-007222021.exe

General

Target: QUOTATION-007222021.exe
Size: 2MB
Sample: 210723-mbqe3cg7t6
Score: 10/10
MD5: 4b25ce6286e4db04124b13ad0227fd77
SHA1: 53ce201bab5c1de3ab8ce4bf2a89eec54fa25a05
SHA256: 4d787dca4719a668ec0cca721a93a2ae6b6135a2ddde4f75f2b8b790fb19cc3b
SHA512: d245418614f02e6aefc59e9fa24a82827a09bc0150e89b1ff21e89c4c75d75bf14527ec0b8720e5ecce80b5ab8b1651c14b15d0c7786c0c47d123e8c5cd0bdc3

Malware Config

Extracted

Family: warzonerat
C2: 194.5.97.145:9976

Signatures

  • WarzoneRat, AveMaria

    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

  • Warzone RAT Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry
