Overview

overview

10

Static

static

3

f990e61f27...18.exe

windows7-x64

10

f990e61f27...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f990e61f27aa6b6f21e22ec66da256bc_JaffaCakes118

  • Size

    970KB

  • Sample

    240419-fpjedshe78

  • MD5

    f990e61f27aa6b6f21e22ec66da256bc

  • SHA1

    b1b3ab210652a8268424489d272091e811833f08

  • SHA256

    e90bb8f634ea320dd9e39c3f7c007402c0a696ef31cce92a259c7fca6e479514

  • SHA512

    f161ef18e7e8d748168638f2c92eb05759bc002185578cfd0f672c16dba267fc2329930b479e204c974d736e64f65bf072e0ee80e2b0d131892079263b561a22

  • SSDEEP

    12288:eDK0n3qGaNHEyC9/oR9gy5FHK7zRsugClbeiIOUiw3fRAruzUDABXamsyPL1xmIw:eDKcPp9AR95yVsuMizcvaAsixxSiUtj

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

45.137.22.62:4231

Targets

    • Target

      f990e61f27aa6b6f21e22ec66da256bc_JaffaCakes118

    • Size

      970KB

    • MD5

      f990e61f27aa6b6f21e22ec66da256bc

    • SHA1

      b1b3ab210652a8268424489d272091e811833f08

    • SHA256

      e90bb8f634ea320dd9e39c3f7c007402c0a696ef31cce92a259c7fca6e479514

    • SHA512

      f161ef18e7e8d748168638f2c92eb05759bc002185578cfd0f672c16dba267fc2329930b479e204c974d736e64f65bf072e0ee80e2b0d131892079263b561a22

    • SSDEEP

      12288:eDK0n3qGaNHEyC9/oR9gy5FHK7zRsugClbeiIOUiw3fRAruzUDABXamsyPL1xmIw:eDKcPp9AR95yVsuMizcvaAsixxSiUtj

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Warzone RAT payload

      rat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks