General

  • Target

    034c2c4066cf59acc6911b2c7610aded.exe

  • Size

    605KB

  • Sample

    210712-a8m4z97p76

  • MD5

    034c2c4066cf59acc6911b2c7610aded

  • SHA1

    49dec1ddfb48686edb1d76183ba51c91cf2868e6

  • SHA256

    27c7c159ac96bd76fc993fd76e2ee88106631af414a235a2a1aae1e31100af99

  • SHA512

    215736e2453aacee4a85fd3191ee458b7bc77cb7d8b452d65f7d8cf7269d1d7c3e1c8395b4af9d949b5331d71082b13b1ba94c518e187a42b28649bfbdf5bea6

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    byx.z86.ru:5200

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks