New purchase order August Delivery.7z

General
Target: New purchase order August Delivery.7z
Size: 434KB
Sample: 210727-b2c8grphax
Score: 10/10
MD5: b8f8187bd3bada9f3a1d44cc1726bfeb
SHA1: eecc2768e3d989c2d1fe3650c9a8b2435db1f4b6
SHA256: ad962c8b6546d38f3f2eb1a529f0077edb48e842b4adb5fada0b0b74bdaa9378
SHA512: 6d05acd7bd97f2ff67f22df1ff3f29e96aa3d8d8aa106f568e7191f31c4f582fe603e70c9207a323ecb5994f7d9925747ab84b707728e067e27bc70de74e3156

Malware Config
Extracted
Family: warzonerat
C2: 51.210.65.37:4141

Targets
Target: New purchase order August Delivery.exe
Filesize: 627KB
Score: 10/10
MD5: 6759995c0cf74f1bc16b6f9c25b5809f
SHA1: 0834e5ea4a9b329adf6da984eb295e3132df4819
SHA256: a2d837828437033b57d7fec2fd462bdbcc833a683abc71c85f05a0d56a89746b
SHA512: e5200b6691a77ab425420fffce6306e4c1d6e0b1dffcc1d7df0b200099302de788233abdb0c4a5a9a4c20d545233be6e72823d0ca346f8f67191ff36bb786fa2

Signatures

  • WarzoneRat, AveMaria
    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

  • CustAttr .NET packer
    Description: Detects the CustAttr .NET packer in memory.

  • Warzone RAT Payload

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral1: 10/10
behavioral2: 10/10