Overview

overview

10

Static

static

3

de492c6384...88.exe

windows7-x64

10

de492c6384...88.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59dc7fff61938536be577f4f4bffccd30490bc65f63438b3f5a9fb3de94aaa64

  • Size

    582KB

  • Sample

    240417-rs1nmadd7v

  • MD5

    a5e8c4e210fcd2ac111fae7e3f9f5f37

  • SHA1

    2150a4fd2f26a6c6c6203bafc0ba46d5221e91da

  • SHA256

    59dc7fff61938536be577f4f4bffccd30490bc65f63438b3f5a9fb3de94aaa64

  • SHA512

    bc34be3aee7d64c43bee1db4bbe4cd0e226a20bd1be86c1c4179e84e1e5f842b8f96b19e4821deb62039ba4c393853695a96e4349631df4d8df8954cb900cdc0

  • SSDEEP

    12288:pNLMVw+9HvxC+d9cjctE4lwcLEw44/HXU/R1BzRGaK50teamUi/o1:3MV1bvUcJfUvBzvHtA5E

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

38.255.33.106:7896

Targets

    • Target

      de492c6384df2afd8c36f3f8ca910d93a21a2981b3c3a80e8a858d643122d488.exe

    • Size

      753KB

    • MD5

      4df59dea2cef6c233168b355086bec84

    • SHA1

      38ea6d2ec93f3af7b029e4e0815cfbed1a86f67b

    • SHA256

      de492c6384df2afd8c36f3f8ca910d93a21a2981b3c3a80e8a858d643122d488

    • SHA512

      633b1e5dcb30e9b5e68d5d5c12949e88f425f8b4a74961a1a6adbd42f6cedf4fed43edcf0983490b4d657841dbc994f0db4b0ddecc15beaa0eeb67750eb9a2b1

    • SSDEEP

      12288:BuIjUxr/RIZBpCrAaXYykD9c3hWVefuiqzuBHofwjKUO6/My2et:BuIjUxjRIZBpGIr9cxWVquiqzuJTKUT1

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks