Overview

overview

10

Static

static

1

b74618879b...bc.exe

windows7-x64

10

b74618879b...bc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b74618879b5e2ea0e13c8d0e992678bc.exe

  • Size

    739KB

  • Sample

    230405-hajgyseb7z

  • MD5

    b74618879b5e2ea0e13c8d0e992678bc

  • SHA1

    fc5d28f298c64362ffb3694ab86230a9d445b0a8

  • SHA256

    329eb61b873a6a841137f7636308eeea8b0be51615660fb8ec8ada0ffdeaec52

  • SHA512

    1c8ef059b4398301624db7709175db06b3af33116f19cb5c3c6c6c8dd1b3ed7657f401b0357274ccc3c23885274a6221a40d446958a2d27990493d394c33a7b4

  • SSDEEP

    6144:xKPFSPmwoU4u97LyvqwVzphpJS4hgXoa76Cn5TVM0DKDjYTHo9wdbJ4hkGF:xKPFSPmD8LyywVzpFzhlUTGbgTHcwTg

Score
10/10
warzoneratcollectioninfostealerratspywarestealer

Malware Config

Extracted

Family

warzonerat

C2

185.29.9.38:3456

Targets

    • Target

      b74618879b5e2ea0e13c8d0e992678bc.exe

    • Size

      739KB

    • MD5

      b74618879b5e2ea0e13c8d0e992678bc

    • SHA1

      fc5d28f298c64362ffb3694ab86230a9d445b0a8

    • SHA256

      329eb61b873a6a841137f7636308eeea8b0be51615660fb8ec8ada0ffdeaec52

    • SHA512

      1c8ef059b4398301624db7709175db06b3af33116f19cb5c3c6c6c8dd1b3ed7657f401b0357274ccc3c23885274a6221a40d446958a2d27990493d394c33a7b4

    • SSDEEP

      6144:xKPFSPmwoU4u97LyvqwVzphpJS4hgXoa76Cn5TVM0DKDjYTHo9wdbJ4hkGF:xKPFSPmD8LyywVzpFzhlUTGbgTHcwTg

    Score
    10/10
    warzoneratcollectioninfostealerratspywarestealer

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks