Overview

overview

10

Static

static

e0c2e8f636...73.exe

windows7-x64

10

e0c2e8f636...73.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173.exe

  • Size

    1.1MB

  • Sample

    221203-ct4dksae5w

  • MD5

    600086d95f02436a1ff495b74f132bac

  • SHA1

    128204195977f567e07e68c8524d136b3aeead56

  • SHA256

    e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173

  • SHA512

    a13365de7afda5f671124d86bb1b32a5b14a6b31538948fedaceb92740b58d1fe2d24168464357835a27599fe970e1ab4c9994f36a09ed8bb4826cfafbe373b7

  • SSDEEP

    24576:BAqZRqOIRqO0xqOOI5r+ilGiTmMZiv/DXqq3oTiwAAgEEY4:BRqOO2CGiv/Wq3oTQp

Score
10/10
warzoneratcollectioninfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

91.192.100.45:7192

Targets

    • Target

      e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173.exe

    • Size

      1.1MB

    • MD5

      600086d95f02436a1ff495b74f132bac

    • SHA1

      128204195977f567e07e68c8524d136b3aeead56

    • SHA256

      e0c2e8f6366af3fc5cf7c56992d2fb084da7cb4b760eadc3744943a4eb688173

    • SHA512

      a13365de7afda5f671124d86bb1b32a5b14a6b31538948fedaceb92740b58d1fe2d24168464357835a27599fe970e1ab4c9994f36a09ed8bb4826cfafbe373b7

    • SSDEEP

      24576:BAqZRqOIRqO0xqOOI5r+ilGiTmMZiv/DXqq3oTiwAAgEEY4:BRqOO2CGiv/Wq3oTQp

    Score
    10/10
    warzoneratcollectioninfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks