Overview

overview

10

Static

static

3

Poduct req...on.exe

windows7-x64

10

Poduct req...on.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Poduct requirements and Company Specification.exe

  • Size

    833KB

  • Sample

    230808-gldv6scd41

  • MD5

    6942d622cefdaab1ed632fa149f0920e

  • SHA1

    b21a4012f022facd1bbfc8dae08df17dacdc3683

  • SHA256

    85f6360167007d5c4d5f8fdaacf17c69448b7c87cfe87f46014e413bbe14da28

  • SHA512

    4eb3e30e14995e3bfa8ab4be7c9642341caf4cb24ce7996851c4da72dbb20d9af601cc305e3763e8c77834ed435f34e421f99f863270d0daf6c81bc8cb7bf096

  • SSDEEP

    12288:Hsq3iF9Fn0ELoFH9wDGayOrLoI7PAX5+29+Op6eLLVkPE5Gw4PrcFf7:Mq3iNnadgyXIU/9+DELuM5R4Pr2

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

161.129.33.214:2345

Targets

    • Target

      Poduct requirements and Company Specification.exe

    • Size

      833KB

    • MD5

      6942d622cefdaab1ed632fa149f0920e

    • SHA1

      b21a4012f022facd1bbfc8dae08df17dacdc3683

    • SHA256

      85f6360167007d5c4d5f8fdaacf17c69448b7c87cfe87f46014e413bbe14da28

    • SHA512

      4eb3e30e14995e3bfa8ab4be7c9642341caf4cb24ce7996851c4da72dbb20d9af601cc305e3763e8c77834ed435f34e421f99f863270d0daf6c81bc8cb7bf096

    • SSDEEP

      12288:Hsq3iF9Fn0ELoFH9wDGayOrLoI7PAX5+29+Op6eLLVkPE5Gw4PrcFf7:Mq3iNnadgyXIU/9+DELuM5R4Pr2

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks