warzonerat | 8880dce3daf97e67a978a171305d7fd8f487fc74793ec760580bdd19197d77fd | Triage

Resubmissions

03/07/2023, 23:39

230703-3njp4aad83 10

03/07/2023, 19:32

230703-x8x6bsbc4s 10

Sharing

Copy URL Twitter E-mail

General

Target

Dhepjexe.exe
Size

152KB
Sample

230703-3njp4aad83
MD5

66552aa98285ba1c58a90ae8eee06c7a
SHA1

54b991528dff963d67707f69ff6f1c30ba04de8a
SHA256

8880dce3daf97e67a978a171305d7fd8f487fc74793ec760580bdd19197d77fd
SHA512

e753ba4c539657e4869000e2a34b6fc8086c71a9e7bf6db6d374e013e07cfd5b3ce0f65f82afaec6bdee773f691649f48bc70ec277c6d632aaeb8ba5ce792781
SSDEEP

3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5:4NLYdT97JSIFl0QENqF

Score

10^/10

warzonerat collection rat spyware stealer

Malware Config

Extracted

Family

warzonerat

C2

feeders.ninqshing.net:443

Targets

- Target
  
  Dhepjexe.exe
- Size
  
  152KB
- MD5
  
  66552aa98285ba1c58a90ae8eee06c7a
- SHA1
  
  54b991528dff963d67707f69ff6f1c30ba04de8a
- SHA256
  
  8880dce3daf97e67a978a171305d7fd8f487fc74793ec760580bdd19197d77fd
- SHA512
  
  e753ba4c539657e4869000e2a34b6fc8086c71a9e7bf6db6d374e013e07cfd5b3ce0f65f82afaec6bdee773f691649f48bc70ec277c6d632aaeb8ba5ce792781
- SSDEEP
  
  3072:4NLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5:4NLYdT97JSIFl0QENqF
Score

7^/10

collection spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionspywarestealer

behavioral2

collectionspywarestealer