Overview

overview

10

Static

static

New purcha...ry.exe

windows7_x64

10

New purcha...ry.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New purchase order August Delivery.7z

  • Size

    434KB

  • Sample

    210727-b2c8grphax

  • MD5

    b8f8187bd3bada9f3a1d44cc1726bfeb

  • SHA1

    eecc2768e3d989c2d1fe3650c9a8b2435db1f4b6

  • SHA256

    ad962c8b6546d38f3f2eb1a529f0077edb48e842b4adb5fada0b0b74bdaa9378

  • SHA512

    6d05acd7bd97f2ff67f22df1ff3f29e96aa3d8d8aa106f568e7191f31c4f582fe603e70c9207a323ecb5994f7d9925747ab84b707728e067e27bc70de74e3156

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

51.210.65.37:4141

Targets

    • Target

      New purchase order August Delivery.exe

    • Size

      627KB

    • MD5

      6759995c0cf74f1bc16b6f9c25b5809f

    • SHA1

      0834e5ea4a9b329adf6da984eb295e3132df4819

    • SHA256

      a2d837828437033b57d7fec2fd462bdbcc833a683abc71c85f05a0d56a89746b

    • SHA512

      e5200b6691a77ab425420fffce6306e4c1d6e0b1dffcc1d7df0b200099302de788233abdb0c4a5a9a4c20d545233be6e72823d0ca346f8f67191ff36bb786fa2

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks