Overview

overview

10

Static

static

ADLINK-TEC...37.exe

windows7-x64

10

ADLINK-TEC...37.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ADLINK-TECH PO#2220002637.exe

  • Size

    70KB

  • Sample

    221122-en3k7shg75

  • MD5

    6de81641b2c6a47f647aa00c23df24e1

  • SHA1

    53b0798111703410bf26a8648e1db8ef83212627

  • SHA256

    432b58d99b8a2532e92fd36a745c952562a56223a458f4fb444685cfc8706250

  • SHA512

    e54bfd45b540d280e4e7a1efec15d8a9686151991417bb2a7d78355215a2b1c04087f3ec5462ea0074c836d5f1679db9f4eee3fcd11f420835b8104e894e6324

  • SSDEEP

    768:mAhYp0rnxX2aLY2ZDWo472H8Ekol/d3eJG53G73my86iCgkozMB20:WQxX2kY2N472d3eJG53G73mxdvdIv

Score
10/10
warzoneratcollectioninfostealerratspywarestealer

Malware Config

Extracted

Family

warzonerat

C2

just-fax207.home-webserver.de:41142

Targets

    • Target

      ADLINK-TECH PO#2220002637.exe

    • Size

      70KB

    • MD5

      6de81641b2c6a47f647aa00c23df24e1

    • SHA1

      53b0798111703410bf26a8648e1db8ef83212627

    • SHA256

      432b58d99b8a2532e92fd36a745c952562a56223a458f4fb444685cfc8706250

    • SHA512

      e54bfd45b540d280e4e7a1efec15d8a9686151991417bb2a7d78355215a2b1c04087f3ec5462ea0074c836d5f1679db9f4eee3fcd11f420835b8104e894e6324

    • SSDEEP

      768:mAhYp0rnxX2aLY2ZDWo472H8Ekol/d3eJG53G73my86iCgkozMB20:WQxX2kY2N472d3eJG53G73mxdvdIv

    Score
    10/10
    warzoneratcollectioninfostealerratspywarestealer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks