General

  • Target

    6fad4976da2bd04abe815d5d70abcb59.exe

  • Size

    328KB

  • Sample

    210419-7lbx5rs8m6

  • MD5

    6fad4976da2bd04abe815d5d70abcb59

  • SHA1

    efd9f13ce017f7da924f24c6a101c8e79a2cc01c

  • SHA256

    b63510ef1f908a56031aa259b42890edd4fea137cbfcc32cd3855b6f77e4a31f

  • SHA512

    e1eba88f62771fdeeac6f7e6b0cbd63ec72bbe294290ccb42bf5ef52d362f1d879ef757e3e95265295101410d51f6c466ec2e213e824d901d3374e9f5d1de430

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    cbngroup.duckdns.org:38050

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Warzone RAT Payload

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery, T1082 (1)

Tasks