0001.exe

General

Target: 0001.exe
Size: 504KB
Sample: 210312-ctj47935ya
Score: 10/10
MD5: dce40fe214b73d0e6404ee8d25510cd1
SHA1: e6b31b3b3c8ad95554f63415f66ae098632c5a34
SHA256: 72e1816b0f9e1fb44f557dda6696b1596b8c61369e7e91e4e730de33646d4d72
SHA512: 12f10cf718959d9aac2f7fb88842aa2868eb3ba963395b94a8dd7f5bbcb46674c13bf2bd59b24f2598f23435a519e66c7d166bd42d7abbac4639e633f8b07fd0

Malware Config

Extracted

Family: warzonerat
C2: 79.134.225.26:3141

Targets
Target

0001.exe

Signatures

  • WarzoneRat, AveMaria

    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10