Resubmissions

  • 12/01/2022, 09:53: 220112-lwy2bacbb5 (score 10)

  • 12/01/2022, 09:37: 220112-llgz2scbdl (score 10)

General

  • Target

    HSBC_eAdvice110122.exe

  • Size

    387KB

  • Sample

    220112-llgz2scbdl

  • MD5

    e1027f95d948692fc354d83d8d3c7f58

  • SHA1

    9eb71331b126fe7d8db5f2d02a1e2d2819c6ff92

  • SHA256

    ad2b82ff03ddb286b64fbc5a037f1ee5c99ca64f478cd2dbe2217e74545b523a

  • SHA512

    0a40de8853ed51d1c1b59065456324b17ea7b218b4ef1eed8a53a3fd819d9ad32ebb8e8460a4ca03e95131c8d0bb4a61bd10b65dd02e5fd78e3ad7b7f7b166f8

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    212.192.246.126:5200

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6