Overview

overview

10

Static

static

1

Gulfood 20...ec.exe

windows7_x64

10

Gulfood 20...ec.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Gulfood 2021 Purchase order 403 urgent spec.tar.gz

  • Size

    349KB

  • Sample

    211202-qqn2dahaaq

  • MD5

    7b31bd3c88f283ba078f6917b444c711

  • SHA1

    5be048f4ed6dee6d13ae71533ff3c86c24ae058d

  • SHA256

    7ae7d148ef1f7ce42b9d4ef546c7b34c4c1e9f501d48d7358cb3995cd5150c23

  • SHA512

    918f36ead0925603840dd810048a975b980709af98ca9a98e2261d15ad71d5a0e61189583016522a8d32674f74f5bc24a2f465aed6d2b397105a5f6bac302036

Score
10/10
warzoneratcollectioninfostealerratspywarestealer

Malware Config

Extracted

Family

warzonerat

C2

engkaa.ddns.net:4545

Targets

    • Target

      Gulfood 2021 Purchase order 403 urgent spec.exe

    • Size

      499KB

    • MD5

      efa77006bd3d523a9de2826543caa98a

    • SHA1

      1899a95a182cbcae4e02b9e9ab554d64f2f3e104

    • SHA256

      4741cd3af6f59f70eec833fed1b15217d5aca476df66da7e641b73ebcc6da91f

    • SHA512

      2eea5126ed89a77cc314d32a62fd1d17bca4163e5c9c6abca3572d4d931974a565b5cb3a162a8364d05507d3a6ea0ca4a9e8be47bf124b25fe0528ec9e3494a9

    Score
    10/10
    warzoneratinfostealerratcollectionspywarestealer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks