sample _ list.ace

General
Target

sample _ list.ace

Size

279KB

Sample

210722-gdqr9krj2s

Score

10/10

MD5

a1302b11b26a4e7d31a36d5d4a711d2c

SHA1

b9fca4b04e35b3f2b3c185ae631b4eb6d295df2b

SHA256

11daf2061e6239ea6c68db36371ace9433dfb783a768a2d7281dba0e58ead375

SHA512

e105d36ae26aef40a2bdf13a90375539a8dda0d30bb4d70d291f0b313d1c271daae984cddc6b5e23f9c00f0d6434c5ba3d3ef8d4188a273be91f6b6ad41cec8f

Malware Config

Extracted

Family

warzonerat

C2

msteel1759.ddns.net:47680
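
The extracted C2 above is a dynamic-DNS name, so the resolved IP is not a stable indicator; the host name and the port are. The following added example (not part of this report or of the sandbox vendor's tooling) hunts for that indicator in DNS and firewall logs. The log line formats and the IP addresses in the sample lines are constructed for illustration; only the `host:port` indicator comes from the report. A connection to the port alone is treated as weak evidence, because 47680 is an arbitrary high port, and is upgraded to high confidence only when the same client resolved the C2 name first.

```python
"""Hunt for the Warzone RAT C2 indicator from this report in DNS/firewall logs.

Added example: the indicator is from the report; log formats and sample lines
are constructed (assumed 'key=value' layout after a timestamp and a source tag).
"""
from __future__ import annotations

import re

# Indicator extracted by the sandbox (from the report).
C2_INDICATORS = ["msteel1759.ddns.net:47680"]

# Constructed sample logs (assumed format): DNS query log and firewall connection log.
SAMPLE_LOGS = [
    "2021-07-22T10:01:02Z dns client=10.0.0.15 query=msteel1759.ddns.net type=A",
    "2021-07-22T10:01:03Z fw src=10.0.0.15 dst=203.0.113.7 dport=47680 proto=tcp action=allow",
    "2021-07-22T10:05:44Z dns client=10.0.0.22 query=www.example.com type=A",
    "2021-07-22T10:06:10Z fw src=10.0.0.22 dst=93.184.216.34 dport=443 proto=tcp action=allow",
    "2021-07-22T10:07:00Z dns client=10.0.0.31 query=MSTEEL1759.DDNS.NET type=AAAA",
]


def parse_indicator(indicator: str) -> tuple[str, int]:
    """Split a 'host:port' C2 indicator; the host is lowercased for comparison."""
    host, _, port = indicator.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"indicator must be host:port, got {indicator!r}")
    return host.lower().rstrip("."), int(port)


def parse_kv(line: str) -> dict:
    """Parse a constructed log line: '<timestamp> <source> key=value ...'."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    parts = line.split()
    fields["ts"], fields["source"] = parts[0], parts[1]
    return fields


def host_matches(name: str, c2_host: str) -> bool:
    """Exact or subdomain match, case-insensitive, tolerant of a trailing dot."""
    name = name.lower().rstrip(".")
    return name == c2_host or name.endswith("." + c2_host)


def hunt(lines, indicators=C2_INDICATORS):
    """Return (line, confidence, reason) hits.

    DNS lookups of the C2 host are high confidence. A connection to the C2
    port alone is weak (the port is not reserved), so it is reported as high
    only when the same client resolved the C2 host earlier in the log, and as
    low otherwise. Lines are assumed to be in chronological order.
    """
    c2 = [parse_indicator(i) for i in indicators]
    resolvers = set()  # clients that looked up the C2 host
    hits = []
    for line in lines:
        f = parse_kv(line)
        if f["source"] == "dns":
            for host, _ in c2:
                if host_matches(f.get("query", ""), host):
                    resolvers.add(f.get("client"))
                    hits.append((line, "high", f"DNS query for C2 host {host}"))
        elif f["source"] == "fw":
            for host, port in c2:
                if f.get("dport") == str(port):
                    conf = "high" if f.get("src") in resolvers else "low"
                    hits.append((line, conf, f"connection to C2 port {port} ({host})"))
    return hits


if __name__ == "__main__":
    for line, conf, reason in hunt(SAMPLE_LOGS):
        print(f"[{conf}] {reason}: {line}")
```

Because the C2 sits on a dynamic-DNS provider, block and alert on the name (and on the name's resolution by your resolver logs) rather than on whatever IP it resolved to at sandbox time.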

Targets
Target

sample & list.exe

MD5

e5d9171fcddcb7ad12ba356039f961ae

Filesize

675KB

Score

10/10

SHA1

a093a11278a11d9db0d648fec160ad1b8217ffe4

SHA256

52477714f4d4870a73c7ea42a240b4191e895860f0268ef16b5f0c49d338447d

SHA512

dfe707354f4c8bac9f9190e04f6775ddaeb9ac1e04baf54f341617cb56e4b10fee63a0df746cff0d1f8b6380e7bb7c097f1235e0779f28d9f17dbb83d649e975
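
The report gives four digests for the archive and four for the PE it contains. The following added example (not code from the report or from the sandbox vendor) turns those into a lookup table so a file or a hash pasted from a ticket can be checked against them, whichever algorithm the other party happened to use. The digests are copied from the report; the bytes hashed in the demonstration are constructed and are not the sample.

```python
"""Hash-based triage against the indicators in this report.

Added example: the digests are copied from the report above; any data hashed
here for demonstration is constructed and is not the malware sample.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Indicators from the report: the ACE archive and the PE it contains.
KNOWN_BAD = {
    "sample _ list.ace": {
        "md5": "a1302b11b26a4e7d31a36d5d4a711d2c",
        "sha1": "b9fca4b04e35b3f2b3c185ae631b4eb6d295df2b",
        "sha256": "11daf2061e6239ea6c68db36371ace9433dfb783a768a2d7281dba0e58ead375",
        "sha512": "e105d36ae26aef40a2bdf13a90375539a8dda0d30bb4d70d291f0b313d1c271d"
                  "aae984cddc6b5e23f9c00f0d6434c5ba3d3ef8d4188a273be91f6b6ad41cec8f",
    },
    "sample & list.exe": {
        "md5": "e5d9171fcddcb7ad12ba356039f961ae",
        "sha1": "a093a11278a11d9db0d648fec160ad1b8217ffe4",
        "sha256": "52477714f4d4870a73c7ea42a240b4191e895860f0268ef16b5f0c49d338447d",
        "sha512": "dfe707354f4c8bac9f9190e04f6775ddaeb9ac1e04baf54f341617cb56e4b10f"
                  "ee63a0df746cff0d1f8b6380e7bb7c097f1235e0779f28d9f17dbb83d649e975",
    },
}

# Every known digest, regardless of algorithm, mapped to (file name, algorithm).
HASH_INDEX = {
    value.lower(): (name, algo)
    for name, hashes in KNOWN_BAD.items()
    for algo, value in hashes.items()
}

# Hex digest length identifies the algorithm; used to reject malformed input early.
_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def _hash_chunks(chunks) -> dict:
    """Feed every chunk to all four hashers in one pass; return lowercase hex digests."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def digests(data: bytes) -> dict:
    """All four digests of an in-memory byte string."""
    return _hash_chunks([data])


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """All four digests of a file, streamed so large samples are not read whole."""
    with open(path, "rb") as fh:
        return _hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def lookup_hash(value: str):
    """Look up one hash of any supported algorithm; None if it is not an indicator.

    Input is normalised (strip, lowercase) so values pasted from tickets match;
    anything that is not hex of a known digest length is rejected rather than
    silently returning None.
    """
    v = value.strip().lower()
    if len(v) not in _LEN_TO_ALGO or any(c not in "0123456789abcdef" for c in v):
        raise ValueError(f"not a hex digest of a supported algorithm: {value!r}")
    return HASH_INDEX.get(v)


def match_bytes(data: bytes):
    """Return (file name, [algorithms that matched]) for data, or None."""
    d = digests(data)
    matched = [a for a in ALGOS if d[a] in HASH_INDEX]
    if not matched:
        return None
    return HASH_INDEX[d[matched[0]]][0], matched


if __name__ == "__main__":
    # Constructed, benign input: expected not to match any indicator.
    print(match_bytes(b"constructed benign content"))
    # A hash as it might arrive in a ticket: mixed case, stray whitespace.
    print(lookup_hash(" A1302B11B26A4E7D31A36D5D4A711D2C "))
```

A hash miss is not a clean bill: the family is sold as a builder, so each customer's build differs, and the same operator can repack. Treat the hashes as a fast first pass and fall back to the C2 name and the behavioural signatures listed on this page.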

Signatures

  • WarzoneRat, AveMaria

    Description

    WarzoneRat (also tracked as AveMaria) is a native RAT written in C++, shipped with multiple plugins and sold as malware-as-a-service (MaaS).

  • Warzone RAT Payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs

    Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001)
    Modify Registry (T1112)
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Persistence / Privilege Escalation: Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001)
Defense Evasion: Modify Registry (T1112)

Tasks

static1