Overview

overview

10

Static

static

Payment Swift.exe

windows7-x64

10

Payment Swift.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • submitted
    25-07-2022 14:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Payment Swift.exe

  • Size

    611KB

  • MD5

    62ee0d3aebacdbfeaa1b31781398b22c

  • SHA1

    28ea8142385b4c64f8157299d3d44d00244c2e6a

  • SHA256

    61d43a20936f0a0ed8a535e4eb21535009b271f91e62200b29c92dc46d731c64

  • SHA512

    24945a0e303d5ae9854271a93440dbf042e20f45f42d70bb29fd58064ce4f2b66cdc87fa0d2b3440154d74e0fdb3ba6e36c8c89592fade051b07a9a1f967fd47

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

51.75.209.232:5200

Signatures

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat
  • Warzone RAT payload 9 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Payment Swift.exe
    "C:\Users\Admin\AppData\Local\Temp\Payment Swift.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Users\Admin\AppData\Local\Temp\Payment Swift.exe
      "C:\Users\Admin\AppData\Local\Temp\Payment Swift.exe"
      2⤵
        PID:1624

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1072-54-0x0000000000D80000-0x0000000000E1E000-memory.dmp
      Filesize

      632KB

      Download
    • memory/1072-55-0x0000000074DF1000-0x0000000074DF3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1072-56-0x00000000005F0000-0x0000000000606000-memory.dmp
      Filesize

      88KB

      Download
    • memory/1072-57-0x0000000000610000-0x000000000061A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/1072-58-0x0000000004FF0000-0x0000000005066000-memory.dmp
      Filesize

      472KB

      Download
    • memory/1072-59-0x0000000000AD0000-0x0000000000AF8000-memory.dmp
      Filesize

      160KB

      Download
    • memory/1624-60-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-61-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-63-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-65-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-66-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-68-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-71-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-70-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-72-0x0000000000406DA4-mapping.dmp
      Download
    • memory/1624-75-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-76-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/1624-77-0x0000000000400000-0x000000000055A000-memory.dmp
      Filesize

      1.4MB

      Download