Statement SKBMT 01578.exe

General

Target: Statement SKBMT 01578.exe
Size: 1MB
Sample: 210723-w5cx85a9ss
Score: 10/10
MD5: b2cd4e8f0a79d8953255bef56fb15bb1
SHA1: 38f857bbc3bb63418fad5474b5b315ec8688144e
SHA256: 857dd518ef3c65847d22cec214d81cc0e2ca2259915a7308c0b2ff2c58023082
SHA512: 771a158731332e72c848a10ad87b928317cdc83026813e6651ffa173875182059580f1092d953f417974be18252ee7de19016ee9a65f6fbf16392ad0515ee010

Malware Config

Extracted
Family: warzonerat
C2: 103.133.109.176:7600

Targets

Target: Statement SKBMT 01578.exe

Signatures

  • WarzoneRat, AveMaria
    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    TTPs:
      • Data from Local System
      • Credentials in Files

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1
  • behavioral1

Score: 10/10