Overview

overview

10

Static

static

SecuriteIn...41.exe

windows7-x64

10

SecuriteIn...41.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.1041.15454

  • Size

    852KB

  • Sample

    221124-w5hqsseh9s

  • MD5

    2015410bb46bda0bd98be49f2ca03e00

  • SHA1

    f500da9df562378cd0565485489321d59fa1699c

  • SHA256

    c36284bc37b2aaf39d2e911ef97aac1fa583ca30d90f2cd006635f8f5bf0d7e1

  • SHA512

    003a87fa2a9e6cbc2e12ede2cbf78abbe11eec1635e0695406c421c496783defd9ec6659a1524d8481dbeed61155bb5eebbe997ea0863e8590bbc69b3c8cc7e6

  • SSDEEP

    12288:XHmZJbxpDFv6d2tZKGxF9rOTE/oMwtXBE3QVmfVUQa8PbT6OZO2bUq0fjVZ5jSC:XHvd2tceX/nyR3VmfVDHbTLZOKYjkC

Score
10/10
warzoneratinfostealerrat

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.1041.15454

    • Size

      852KB

    • MD5

      2015410bb46bda0bd98be49f2ca03e00

    • SHA1

      f500da9df562378cd0565485489321d59fa1699c

    • SHA256

      c36284bc37b2aaf39d2e911ef97aac1fa583ca30d90f2cd006635f8f5bf0d7e1

    • SHA512

      003a87fa2a9e6cbc2e12ede2cbf78abbe11eec1635e0695406c421c496783defd9ec6659a1524d8481dbeed61155bb5eebbe997ea0863e8590bbc69b3c8cc7e6

    • SSDEEP

      12288:XHmZJbxpDFv6d2tZKGxF9rOTE/oMwtXBE3QVmfVUQa8PbT6OZO2bUq0fjVZ5jSC:XHvd2tceX/nyR3VmfVDHbTLZOKYjkC

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks