TOA Vietnam Co. Ltd - Inquiry Note from 26.07.2021.exe

General

Target: TOA Vietnam Co. Ltd - Inquiry Note from 26.07.2021.exe
Size: 1MB
Sample: 210726-fbd7nssq66
Score: 10/10
MD5: 219ba6bac5cb35641e76ffdee2f97fbc
SHA1: 4eb1887fc7de7552c674c5501de8776c5175de3f
SHA256: ac9a96be003388d497db4755c9ca68a2725c901fdec82b942b4fb84683490b01
SHA512: fff2cef9f701e5f1fa50e93e05bc13c13313815b151e9e31ff719d5b13a20d7437544efe001ad4a6745532c408e3adb42e512aaae4858d35e6bc9f18b864a9f3

Malware Config

Extracted
Family: warzonerat
C2: 185.222.57.73:4557

Signatures

  • WarzoneRat, AveMaria

    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

  • suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016

  • Warzone RAT Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral2

1/10