Overview

overview

10

Static

static

Purchase-O...37.exe

windows7_x64

3

Purchase-O...37.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase-Order3009837.exe

  • Size

    627KB

  • Sample

    211202-rrwy2scgd3

  • MD5

    18f78602b7f09501d5575809c5111d44

  • SHA1

    bf4a38c98cd0f03f47e9dc989324c359bac2b701

  • SHA256

    a38721cf393bceba06b9fc1b197906cff368fafd6b8b9884e7151b50c07633d0

  • SHA512

    5c388ec192239d90b8fbe0ab4c9b2b5c9660a7b981eb562e04458d68cbe2ffa4a342605a14c61c944caf2fd09da2b8a2ebd6c9c6996f16e2a2c5c2361ac07c70

Score
10/10
warzoneratcollectioninfostealerratspywarestealer

Malware Config

Extracted

Family

warzonerat

C2

grekris.freeddns.org:3345

Targets

    • Target

      Purchase-Order3009837.exe

    • Size

      627KB

    • MD5

      18f78602b7f09501d5575809c5111d44

    • SHA1

      bf4a38c98cd0f03f47e9dc989324c359bac2b701

    • SHA256

      a38721cf393bceba06b9fc1b197906cff368fafd6b8b9884e7151b50c07633d0

    • SHA512

      5c388ec192239d90b8fbe0ab4c9b2b5c9660a7b981eb562e04458d68cbe2ffa4a342605a14c61c944caf2fd09da2b8a2ebd6c9c6996f16e2a2c5c2361ac07c70

    Score
    10/10
    warzoneratcollectioninfostealerratspywarestealer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks