Overview

overview

10

Static

static

3

0246d4eb99...b5.exe

windows7-x64

10

0246d4eb99...b5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97fb00006246e0f21756ef9724201daaa64e1111be1aa8a62eb23ec81240f154

  • Size

    582KB

  • Sample

    240417-rszrbsdd7s

  • MD5

    2fda0de7be82b320e996e0fe2773c4bc

  • SHA1

    5c6c84a4bbc7460c9c33272bc7a0d1a58499c217

  • SHA256

    97fb00006246e0f21756ef9724201daaa64e1111be1aa8a62eb23ec81240f154

  • SHA512

    82544e154f8f98256dc49cbb4152fe3715aef47d1988a122a80a8747c96c89ac5ee262f47cbfe63f8b11bc026219e9edcc6c330b97cba9ad83a478f43933707d

  • SSDEEP

    12288:0V3fK/nbT+8LZJjQOleUT0kDKj7zHaWTYk9BLTyYKk:0VyTTNLZJjQOgUT0km/pYkD/yYB

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

38.255.33.106:7896

Targets

    • Target

      0246d4eb99473ba449b98548167d0767b68b075749a8962d0573851f505689b5.exe

    • Size

      847KB

    • MD5

      08b6a2749172417cbaa1a010639329c3

    • SHA1

      6590a1646329161ee305abb2700e1d09d8b52faa

    • SHA256

      0246d4eb99473ba449b98548167d0767b68b075749a8962d0573851f505689b5

    • SHA512

      4482704e3fe0ccd16f877b6345cd40d1f4f058df2f88b5f18510f8ba998b9f198763826daef15020cd602e4474344af1f5a86f64a6f304ff975395396f778d1c

    • SSDEEP

      24576:WuU/YJIS5ypFpGIr9cxGDF28CJXtfI7Khk9bSJzFzbhx:QGIr3vCJXtsKhkG9Nx

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks