Overview

overview

10

Static

static

1

PAYMENT DOC.exe

windows7_x64

10

PAYMENT DOC.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PAYMENT DOC.exe

  • Size

    274KB

  • Sample

    211013-nsv7csdghn

  • MD5

    55d99749553fb93316b66f480c35d7d1

  • SHA1

    27cad4666afbaa3b9730929fcc7cfe5d8f0999b6

  • SHA256

    3fac732646ab12565cfd2dbdab89d71b26fad16db25a6143dfb11bf6da3bce26

  • SHA512

    b8e4c7617d2077fd425fca7b81bbf709030127cb034a86cc7bd797c535682c1f3be53070438594e75c23915012a24655b6cfd226d34120c9cbf9fa0ff9701aa3

Score
10/10
warzoneratcollectioninfostealerratspywarestealer

Malware Config

Extracted

Family

warzonerat

C2

136.144.41.66:5200

Targets

    • Target

      PAYMENT DOC.exe

    • Size

      274KB

    • MD5

      55d99749553fb93316b66f480c35d7d1

    • SHA1

      27cad4666afbaa3b9730929fcc7cfe5d8f0999b6

    • SHA256

      3fac732646ab12565cfd2dbdab89d71b26fad16db25a6143dfb11bf6da3bce26

    • SHA512

      b8e4c7617d2077fd425fca7b81bbf709030127cb034a86cc7bd797c535682c1f3be53070438594e75c23915012a24655b6cfd226d34120c9cbf9fa0ff9701aa3

    Score
    10/10
    warzoneratinfostealerratcollectionspywarestealer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks