Overview

overview

10

Static

static

8

MACHINE_.EXE

windows7_x64

3

MACHINE_.EXE

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MACHINE SPECIFICATIONS.IMG

  • Size

    1.2MB

  • Sample

    210825-3t78skvqca

  • MD5

    79cd0a7ced1db03ea0129e054d3e865d

  • SHA1

    fdc99dd22215625ba3f0c3479af882c5db718d8c

  • SHA256

    7ad82722eed02d63b24e0e99480e332d26074f9cadbacef5a653989f81bc9f7e

  • SHA512

    1cc1d1af7aab9e07feb45c76649879b1d43ccf0ca82ec01db263751441564c613faef8349d6ca351d7c1bdde2539704f5255d39295c63bedc2388a5e411fafe3

Score
10/10
warzoneratinfostealerratupx

Malware Config

Extracted

Family

warzonerat

C2

2.56.59.131:5200

Targets

    • Target

      MACHINE_.EXE

    • Size

      552KB

    • MD5

      dd29df9b14e9165a7e218ccb399934b5

    • SHA1

      e5b3e6f043612e53cd9fbae00b93102596238f42

    • SHA256

      9051b63011b57f14eb413563f9ee38a2e52a41b20a1c165f2daf057eb7dc2766

    • SHA512

      7161a2df32c9da9823cf7bfd11874c8f71def013fc8ff12a06ac9c5c045bbba1e2d077b9f7bad32d1bbe88862804119da419f8951d5256bc57aef6cb3f393811

    Score
    10/10
    warzoneratinfostealerratupx

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks