Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b9419a890ae732f44b4bbde7167aa6e559e912f8d1d7fa52fb9a70233efae334

  • Size

    282KB

  • Sample

    211025-csdrjagder

  • MD5

    eb5005349713aa25ee7cfc2833786d56

  • SHA1

    900d09d685fff9b690ca50b96b5ab77449f5623f

  • SHA256

    b9419a890ae732f44b4bbde7167aa6e559e912f8d1d7fa52fb9a70233efae334

  • SHA512

    6926d989e716cd958a03a49c56679725dba11b30bfb3be20ea99bfe4d4449d4ac4aa202e2fc59a99f624635191a9581bc5d97d2d7ce2ca3d95259b5524fb0164

Score
10/10
warzoneratinfostealerpersistencerat

Malware Config

Extracted

Family

warzonerat

C2

grace.adds-only.xyz:2323

Targets

    • Target

      b9419a890ae732f44b4bbde7167aa6e559e912f8d1d7fa52fb9a70233efae334

    • Size

      282KB

    • MD5

      eb5005349713aa25ee7cfc2833786d56

    • SHA1

      900d09d685fff9b690ca50b96b5ab77449f5623f

    • SHA256

      b9419a890ae732f44b4bbde7167aa6e559e912f8d1d7fa52fb9a70233efae334

    • SHA512

      6926d989e716cd958a03a49c56679725dba11b30bfb3be20ea99bfe4d4449d4ac4aa202e2fc59a99f624635191a9581bc5d97d2d7ce2ca3d95259b5524fb0164

    Score
    10/10
    warzoneratinfostealerpersistencerat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Executes dropped EXE

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks