Overview

overview

10

Static

static

SecuriteIn...58.exe

windows7-x64

10

SecuriteIn...58.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2022 03:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe

  • Size

    60KB

  • MD5

    8c4b7521e74a3960a77f70f53179670e

  • SHA1

    c775546bdb0e2d4401e391d075cfcc0b863c8774

  • SHA256

    cea6d4fbb54e357c9c62deab33a97e5e94b91f7f95a39a6e5daf5dd69133b6d7

  • SHA512

    c683bb89b0301f330a22609c4b810c241a63964c53f4c9ae544f89d356009977714e70d8b9481bc89055c760a0a6de45dbe5b9d55ab3b432b71ddad1e643e1a7

  • SSDEEP

    1536:/iyl1nZJJMZ4jTjx6WZG/YGcO/R4UMz5Tu:/iybnBGc1u

Score
10/10
warzoneratinfostealerrat

Malware Config

Signatures

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat
  • Warzone RAT payload 3 IoCs
    rat
  • Drops startup file 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:720
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3212.5858.exe"
      2⤵
        PID:4732

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/720-132-0x0000000000C20000-0x0000000000C36000-memory.dmp
      Filesize

      88KB

      Download
    • memory/720-133-0x0000000005C60000-0x0000000006204000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/720-134-0x00000000055C0000-0x0000000005652000-memory.dmp
      Filesize

      584KB

      Download
    • memory/720-135-0x0000000005670000-0x000000000567A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/720-136-0x0000000006D70000-0x0000000006E0C000-memory.dmp
      Filesize

      624KB

      Download
    • memory/720-137-0x0000000006E10000-0x0000000006E76000-memory.dmp
      Filesize

      408KB

      Download
    • memory/4732-138-0x0000000000000000-mapping.dmp
      Download
    • memory/4732-139-0x0000000000400000-0x0000000000568000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/4732-141-0x0000000000400000-0x0000000000568000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/4732-142-0x0000000000400000-0x0000000000568000-memory.dmp
      Filesize

      1.4MB

      Download