Overview

overview

10

Static

static

1

7e397f197a...cc.exe

windows7-x64

10

7e397f197a...cc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc.exe

  • Size

    411KB

  • Sample

    230405-gtrf8sea9t

  • MD5

    3e4a6a626a6ec6287959069f5d4a23f8

  • SHA1

    3199154897383ac6bae446940e79e65b0fa79253

  • SHA256

    7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc4166cd283b8ad679faf

  • SHA512

    11ed74559043e250c998b0c30e0f97f7f30b1648eb3fc68937a25415901bd2bf77d1dae8f1b7fd5e38238615b992734f3a4897c5c1f849a6edf923ff946a726e

  • SSDEEP

    12288:cHQdkTZcKDn+GmLIkfWYebn7zqFE7SGUQQoJLzPp4FrSmSA:FdkTZcKDn+GmGaI9QMzPc

Score
10/10
warzoneratcollectioninfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

5.161.206.28:5200

Targets

    • Target

      7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc.exe

    • Size

      411KB

    • MD5

      3e4a6a626a6ec6287959069f5d4a23f8

    • SHA1

      3199154897383ac6bae446940e79e65b0fa79253

    • SHA256

      7e397f197a4122d8a085b7a5c9d080aa9f103b87e40cc4166cd283b8ad679faf

    • SHA512

      11ed74559043e250c998b0c30e0f97f7f30b1648eb3fc68937a25415901bd2bf77d1dae8f1b7fd5e38238615b992734f3a4897c5c1f849a6edf923ff946a726e

    • SSDEEP

      12288:cHQdkTZcKDn+GmLIkfWYebn7zqFE7SGUQQoJLzPp4FrSmSA:FdkTZcKDn+GmGaI9QMzPc

    Score
    10/10
    warzoneratcollectioninfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks