General

  • Target

    TOA Vietnam Co. Ltd - Inquiry Note from 26.07.2021.exe

  • Size

    1.4MB

  • Sample

    210726-fbd7nssq66

  • MD5

    219ba6bac5cb35641e76ffdee2f97fbc

  • SHA1

    4eb1887fc7de7552c674c5501de8776c5175de3f

  • SHA256

    ac9a96be003388d497db4755c9ca68a2725c901fdec82b942b4fb84683490b01

  • SHA512

    fff2cef9f701e5f1fa50e93e05bc13c13313815b151e9e31ff719d5b13a20d7437544efe001ad4a6745532c408e3adb42e512aaae4858d35e6bc9f18b864a9f3

Malware Config

Extracted

Family

warzonerat

C2

185.222.57.73:4557

Targets

    • Target

      TOA Vietnam Co. Ltd - Inquiry Note from 26.07.2021.exe

    • Size

      1.4MB

    • MD5

      219ba6bac5cb35641e76ffdee2f97fbc

    • SHA1

      4eb1887fc7de7552c674c5501de8776c5175de3f

    • SHA256

      ac9a96be003388d497db4755c9ca68a2725c901fdec82b942b4fb84683490b01

    • SHA512

      fff2cef9f701e5f1fa50e93e05bc13c13313815b151e9e31ff719d5b13a20d7437544efe001ad4a6745532c408e3adb42e512aaae4858d35e6bc9f18b864a9f3

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016

    • Warzone RAT Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks