Overview

overview

10

Static

static

6.exe

windows7_x64

3

6.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6.exe

  • Size

    680KB

  • Sample

    211007-l8yw3scdhq

  • MD5

    108955d1209a4b258df640f856ae110e

  • SHA1

    cbbfb4673d9e636736691349158284411f89c0f1

  • SHA256

    256014572cb606bd3f4b7aff3d03adc25f35fd3df29a20ccb073392d9aa90954

  • SHA512

    e7136bbdd774f99048e9359ce4fc72e49498d5813cd04c218b8bf4b0cca10dd32d0dac1a4caa8e04ff107ab388fab743a8f6a6ec74e385b3078db155dacfceec

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

152.67.253.163:5300

Targets

    • Target

      6.exe

    • Size

      680KB

    • MD5

      108955d1209a4b258df640f856ae110e

    • SHA1

      cbbfb4673d9e636736691349158284411f89c0f1

    • SHA256

      256014572cb606bd3f4b7aff3d03adc25f35fd3df29a20ccb073392d9aa90954

    • SHA512

      e7136bbdd774f99048e9359ce4fc72e49498d5813cd04c218b8bf4b0cca10dd32d0dac1a4caa8e04ff107ab388fab743a8f6a6ec74e385b3078db155dacfceec

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks