Bank Millennium.bin.zip

General

Target: Bank Millennium.bin.zip
Size: 24KB
Sample: 210726-lv7l3wfwq2
Score: 10/10
MD5: 657eb971f9fb7bbc3a91a4b6e0a94951
SHA1: bab621f8714e09996d818cb77500e4eda77f84bb
SHA256: f8b2cdc588fd66dffef96f59812bbd175481e6facb1b94aba2ccef5b241aff7a
SHA512: 4fd8dce3db7941fc2af24b5a43394e9669bd1dd36edde9834184c3c824821a397c5810b4ada1820ef3b32f38cbc5e70ceeeb06573396b6fe2f12e995423264e0

Malware Config

Extracted

Family: warzonerat
C2: 185.157.160.215:2211

Targets

Target: Bank Millennium.bin
Filesize: 85KB
Score: 10/10
MD5: e9a0412da07e244d2cf47c8edbdb9f24
SHA1: 8ee7fe0ce62b889237033b236a50c0c3a478e58d
SHA256: e23af5d6048c8e86e22bd7117254d7f17bc97c24fe335ea3c411367bdd9953de
SHA512: 801c1446e17793d8095ebdda54e90102d734717d60866d3e2703879dc5723445808b7ce943600393ee6d5cbdb8718776edeed1cff5d2bb15e8da1a748d117944

Signatures

  • WarzoneRat, AveMaria
    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

  • Warzone RAT Payload

  • Drops startup file

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 1/10