Overview

overview

10

Static

static

10

61a4c77bc0...56.exe

windows7-x64

10

61a4c77bc0...56.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61a4c77bc0861ec1b5b6fb5acf4d0d56.exe

  • Size

    113KB

  • Sample

    221129-fv5jtagh99

  • MD5

    61a4c77bc0861ec1b5b6fb5acf4d0d56

  • SHA1

    ac2f82bc5bd131594e225f484e5f005163201070

  • SHA256

    35da24f2eaaf244a17ad7e8693f679ec31ce04b09b001ca0389c2da94dcea73c

  • SHA512

    366937cec20aa5d560459d12c3374f2e1846933b42329393de0e5b3c97dd1f020c6fc05db375644f6610415fefb5d417669bae3c8eb057a1363a50f98e906daf

  • SSDEEP

    1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxW4KB4u0OVE01:K1VmhaH8EFvWH0OVE0

Score
10/10
warzoneratcollectioninfostealerpersistenceratspywarestealer

Malware Config

Extracted

Family

warzonerat

C2

iron65.ddns.net:4424

Targets

    • Target

      61a4c77bc0861ec1b5b6fb5acf4d0d56.exe

    • Size

      113KB

    • MD5

      61a4c77bc0861ec1b5b6fb5acf4d0d56

    • SHA1

      ac2f82bc5bd131594e225f484e5f005163201070

    • SHA256

      35da24f2eaaf244a17ad7e8693f679ec31ce04b09b001ca0389c2da94dcea73c

    • SHA512

      366937cec20aa5d560459d12c3374f2e1846933b42329393de0e5b3c97dd1f020c6fc05db375644f6610415fefb5d417669bae3c8eb057a1363a50f98e906daf

    • SSDEEP

      1536:h0jP7/L1B5rVmN8sxHv2M28ix8EUaJxW4KB4u0OVE01:K1VmhaH8EFvWH0OVE0

    Score
    10/10
    warzoneratcollectioninfostealerpersistenceratspywarestealer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks