Overview

overview

10

Static

static

pre-shipme...df.exe

windows7_x64

10

pre-shipme...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pre-shipment docs pdf.exe

  • Size

    1.9MB

  • Sample

    211005-q6y7aaacan

  • MD5

    bf7564bc839629652fe5afb347c6ad00

  • SHA1

    13406a07579545e4e78fa558db097a3daadeb5cb

  • SHA256

    283bccfdd8b56a554bab2ed08eddd1a8db68ecfb9fea6d9518dad9b650328c70

  • SHA512

    b095bbb4973b9f1cade933e9a06f4f1de827f95677bffa015cbec9be2b0d7f16f773135dc925858793e0cd50e744eda70361d2955d7b81e70e523f6dfa7fe413

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Extracted

Family

warzonerat

C2

45.137.22.131:5200

Targets

    • Target

      pre-shipment docs pdf.exe

    • Size

      1.9MB

    • MD5

      bf7564bc839629652fe5afb347c6ad00

    • SHA1

      13406a07579545e4e78fa558db097a3daadeb5cb

    • SHA256

      283bccfdd8b56a554bab2ed08eddd1a8db68ecfb9fea6d9518dad9b650328c70

    • SHA512

      b095bbb4973b9f1cade933e9a06f4f1de827f95677bffa015cbec9be2b0d7f16f773135dc925858793e0cd50e744eda70361d2955d7b81e70e523f6dfa7fe413

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks