1970-11-30__633003.pdf.exe

General

Target: 1970-11-30__633003.pdf.exe
Size: 664KB
Sample: 210726-nqlgwmbfkn
Score: 10/10
MD5: 12ef0fd781cfabe54c57fb2f5176ec19
SHA1: 8a5b06b14840ca31017b6ec46319cd7a787ed975
SHA256: 5d888bc6d0a7f5da0c94a55113d93a3f8b894472c4d42af88c7cf7cb885d95ad
SHA512: 8c68b10a83c65cae967f3ebe15a6011f6448e772d24fb0f85df70d889bdccdd85f951444cf682483be94ec30b646931f9115e81e3663a1c2e3f00b4bd98b1d53

Malware Config

Extracted

Family: warzonerat
C2: blacice24.hopto.org:5032

Targets

Target: 1970-11-30__633003.pdf.exe
MD5: 12ef0fd781cfabe54c57fb2f5176ec19
Filesize: 664KB
Score: 10/10
SHA1: 8a5b06b14840ca31017b6ec46319cd7a787ed975
SHA256: 5d888bc6d0a7f5da0c94a55113d93a3f8b894472c4d42af88c7cf7cb885d95ad
SHA512: 8c68b10a83c65cae967f3ebe15a6011f6448e772d24fb0f85df70d889bdccdd85f951444cf682483be94ec30b646931f9115e81e3663a1c2e3f00b4bd98b1d53

Signatures

  • WarzoneRat, AveMaria

    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

  • Warzone RAT Payload

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs:
      • Data from Local System
      • Credentials in Files

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1
  • behavioral1 (score 10/10)