General

  • Target

    nope.exe

  • Size

    323KB

  • Sample

    210507-1w99nmsxwx

  • MD5

    05cb7c989fa115270895dbadf7598a1b

  • SHA1

    cfa9ac127090cc5826a6e7b6e2b13cceb82ba751

  • SHA256

    dbdfbca2dcc01a530cd7c449500dc0f6b564c11f9ed9dc8d746709a235d6826f

  • SHA512

    849c96876d37043a95f828ac3587b2049c0217d826f07724330f6d8d9a613868ff79352da8b74078101796d2ddf62037544db8faa680bf77ebdbd6c034fbdca9

Malware Config

Extracted

Family

warzonerat

C2

149.28.124.150:5200

Targets

    • Target

      nope.exe

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

System Information Discovery (T1082)

Tasks