General

  • Target

    a4596b039ec21394b6f5a7032f9b4b50.exe

  • Size

    383KB

  • Sample

    210716-lpjed2mq46

  • MD5

    a4596b039ec21394b6f5a7032f9b4b50

  • SHA1

    15604020db19962ef579ecde885f2516a48c4b99

  • SHA256

    401bce69b94fd198482a5e4c760570afd0e6b85e64871894a4796acd5aeedd48

  • SHA512

    877dab806cee2cb874c482f3c0f3240d4423ff1446371a4318f37831845f7fac6de395a301505f587d3dc287f2c193fa102c43c90202999087c6beddf98ef9af

Malware Config

Extracted

Family

warzonerat

C2

byx.z86.ru:5200

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
