Overview

overview

10

Static

static

10

5db3ab9ce1...45.exe

windows7-x64

10

5db3ab9ce1...45.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5db3ab9ce1ab8ce083460fedf3c26145.exe

  • Size

    132KB

  • Sample

    220930-yd3m1afedp

  • MD5

    5db3ab9ce1ab8ce083460fedf3c26145

  • SHA1

    3d39b44bba0bc9bed6be891b5d6cd0e66b430e4b

  • SHA256

    f712d6a7c1b8cd50ab3ae92115b3ef771a32e4e2663b2d0d75fda65512fec088

  • SHA512

    30bc848066f8688c3fad9bae176891285b52a50f33736429b577e026a2aa09a4406713c18aacee377c49f45311b4955c00409078259da8cd4adf73aa85a34696

  • SSDEEP

    3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a

Score
10/10
warzoneratcollectioninfostealerratspywarestealer

Malware Config

Extracted

Family

warzonerat

C2

151.106.19.203:5204

Targets

    • Target

      5db3ab9ce1ab8ce083460fedf3c26145.exe

    • Size

      132KB

    • MD5

      5db3ab9ce1ab8ce083460fedf3c26145

    • SHA1

      3d39b44bba0bc9bed6be891b5d6cd0e66b430e4b

    • SHA256

      f712d6a7c1b8cd50ab3ae92115b3ef771a32e4e2663b2d0d75fda65512fec088

    • SHA512

      30bc848066f8688c3fad9bae176891285b52a50f33736429b577e026a2aa09a4406713c18aacee377c49f45311b4955c00409078259da8cd4adf73aa85a34696

    • SSDEEP

      3072:K7W9jps0Tx4azG6GweOTir5axbjNCz45LT7a:KwpsERzGKurEXCzeLT7a

    Score
    10/10
    warzoneratcollectioninfostealerratspywarestealer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks