Overview

overview

10

Static

static

10

46334dbe7a...9c.exe

windows7-x64

10

46334dbe7a...9c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46334dbe7a910808175b2717fc4a069c.exe

  • Size

    113KB

  • Sample

    221108-wwfj3sbcd7

  • MD5

    46334dbe7a910808175b2717fc4a069c

  • SHA1

    e85912984b130f05ad94714479f14b9b76e5825d

  • SHA256

    acd0a278ad8f069876948274d6d25f07d6a4235816f9305bf54b2e2af3a401df

  • SHA512

    071f4f68217a22a8374064308d2521edbcff496cbbecbe0113c66fe20d9a9b82ae0da7fd915e5fcc90325fb58db6fb17deb11513cc3fde04c9522af9aa45f2d5

  • SSDEEP

    1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWjB4u0OVE01:K1VmhaH8EFvWj0OVE0

Score
10/10
warzoneratcollectioninfostealerratspywarestealer

Malware Config

Extracted

Family

warzonerat

C2

107.173.62.99:5200

Targets

    • Target

      46334dbe7a910808175b2717fc4a069c.exe

    • Size

      113KB

    • MD5

      46334dbe7a910808175b2717fc4a069c

    • SHA1

      e85912984b130f05ad94714479f14b9b76e5825d

    • SHA256

      acd0a278ad8f069876948274d6d25f07d6a4235816f9305bf54b2e2af3a401df

    • SHA512

      071f4f68217a22a8374064308d2521edbcff496cbbecbe0113c66fe20d9a9b82ae0da7fd915e5fcc90325fb58db6fb17deb11513cc3fde04c9522af9aa45f2d5

    • SSDEEP

      1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxWjB4u0OVE01:K1VmhaH8EFvWj0OVE0

    Score
    10/10
    warzoneratcollectioninfostealerratspywarestealer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks