General

  • Target: 41c6594d3fb3d3d38676a2cbe5fd4ca5
  • Size: 724KB
  • Sample: 210710-cwyehp2pss
  • MD5: 41c6594d3fb3d3d38676a2cbe5fd4ca5
  • SHA1: dbd7e47680f8ead9d36f9ae1dd298d7d16233f76
  • SHA256: 394b84714c723fe917d65356700c36483a29610251eb06b93fb4a2b0922a68a4
  • SHA512: 1acb5f58d00ee91d5cdc92c71d669174d9a383ae9864cfaebaa67882c4ebd73daf813bbab5c094995618c3f139beb9aa356f67b09e8b3a8de55134e1473da7a6

Malware Config

Extracted

  • Family: warzonerat
  • C2: byx.z86.ru:5200

Targets

    • Target: 41c6594d3fb3d3d38676a2cbe5fd4ca5
    • Size: 724KB
    • MD5: 41c6594d3fb3d3d38676a2cbe5fd4ca5
    • SHA1: dbd7e47680f8ead9d36f9ae1dd298d7d16233f76
    • SHA256: 394b84714c723fe917d65356700c36483a29610251eb06b93fb4a2b0922a68a4
    • SHA512: 1acb5f58d00ee91d5cdc92c71d669174d9a383ae9864cfaebaa67882c4ebd73daf813bbab5c094995618c3f139beb9aa356f67b09e8b3a8de55134e1473da7a6

    Signatures

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks