Overview

overview

10

Static

static

3

SSexeexeexe.exe

windows7-x64

10

SSexeexeexe.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SSexeexeexe.exe

  • Size

    174KB

  • Sample

    230630-rgc37aec9z

  • MD5

    b682e3dc1f18c1131f75ff8582aa5703

  • SHA1

    3469dd3c70a3ee99ece17b22b4ffe01ed806404a

  • SHA256

    0e56b689196e7f1ddef9fad8cc6db33ba3bcc529b1ddb9cd5940ae206289d667

  • SHA512

    7d279f652bd1817d5d5a0330865c1ab04b11c7597515120756d2db7ef97e37c2628d9790ed843d94744b602dba73346bea8542ab384209b4e93a172c2b206465

  • SSDEEP

    3072:68MvVo31JZfOQtO9PD6vl7fIkWEffn9ne2+6TKXeB5AlckP+tL/uZwfkR:68MvqIL6vl7fIkWK9eXC5AakP+tL/uZf

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

193.42.32.191:8282

Targets

    • Target

      SSexeexeexe.exe

    • Size

      174KB

    • MD5

      b682e3dc1f18c1131f75ff8582aa5703

    • SHA1

      3469dd3c70a3ee99ece17b22b4ffe01ed806404a

    • SHA256

      0e56b689196e7f1ddef9fad8cc6db33ba3bcc529b1ddb9cd5940ae206289d667

    • SHA512

      7d279f652bd1817d5d5a0330865c1ab04b11c7597515120756d2db7ef97e37c2628d9790ed843d94744b602dba73346bea8542ab384209b4e93a172c2b206465

    • SSDEEP

      3072:68MvVo31JZfOQtO9PD6vl7fIkWEffn9ne2+6TKXeB5AlckP+tL/uZwfkR:68MvqIL6vl7fIkWK9eXC5AakP+tL/uZf

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks