Overview

overview

10

Static

static

RFQ scope ...nts.js

windows7-x64

3

RFQ scope ...nts.js

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ scope of requirements.jar

  • Size

    1KB

  • Sample

    221129-tz9afshg5w

  • MD5

    45dbd11f9728d5c40aea8e4dd579b56c

  • SHA1

    e21600a208bdfe6454e8f45c4c58f8b00c820d2b

  • SHA256

    d74fcb65f2b575718c632458f849fdd5a3775092b4e54744a4384e15c67646cb

  • SHA512

    52fd0a03e109e7c397b2a7b626838647b66de273e1b58e7342cb741a35d2d099b506c81a972b7d74ca7f24f7089d4fc15f4b9ba954f1d78e4e288022f7ed0f13

Score
10/10
warzoneratinfostealerrat

Malware Config

Targets

    • Target

      RFQ scope of requirements.js

    • Size

      2KB

    • MD5

      84ae648af28a2f5acd3c67fabde24615

    • SHA1

      45a9a2ddd9b5d8fedd6c5767cdb0bafb95c6d72b

    • SHA256

      c3db9d461440908e3278fda059adb00e9f546a3dd8dd38f80a6cee93372ae15d

    • SHA512

      7262173a3d69a54489b57087380e056b4f789343e9e0fe58efc5d0efbe1f166df44360bf1f9a2dba96b04afc5cac272cb3b262bd1eeda1c347131fa2db38468d

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks