Overview

overview

10

Static

static

Quotation9...df.exe

windows7_x64

10

Quotation9...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Quotation9011332.pdf.exe

  • Size

    419KB

  • Sample

    220406-fpmrtadfan

  • MD5

    5016a372458c81a13e1adaa0baf5aa15

  • SHA1

    5a491e0c563d0838d15bf3933b663cb10a285523

  • SHA256

    0bb09b028f6802d5f9a967dd0a51f89f3b8fb939315abad0706c22e21651e376

  • SHA512

    80025833be31737ee86b365563c7d33931a128ec6f09d2153ecf77aa17c2de9402c2538e631589e5f8c0eac916a84b027b351ee55d2e1b522bd27926cf5d4e7e

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

185.183.98.169:20911

Targets

    • Target

      Quotation9011332.pdf.exe

    • Size

      419KB

    • MD5

      5016a372458c81a13e1adaa0baf5aa15

    • SHA1

      5a491e0c563d0838d15bf3933b663cb10a285523

    • SHA256

      0bb09b028f6802d5f9a967dd0a51f89f3b8fb939315abad0706c22e21651e376

    • SHA512

      80025833be31737ee86b365563c7d33931a128ec6f09d2153ecf77aa17c2de9402c2538e631589e5f8c0eac916a84b027b351ee55d2e1b522bd27926cf5d4e7e

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT Payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks