General

  • Target

    Documento de envio.exe

  • Size

    982KB

  • Sample

    210722-gz3nclsnt2

  • MD5

    0fcc784f9400be0d78104a0043ee4479

  • SHA1

    65cac3bdb71487d6e14480ade6397347289e047b

  • SHA256

    864b531c5f5a397b3fd2a8aa91c83f956d93300db9c986bfa7ae4744d7cb732f

  • SHA512

    b32a5475f7ec76dc88201383616e712d867757de39525ac5cda21536c5144e82fb3fe4b08f5024678823e8e1ca7bd8ffea0cbbeab8845636adb6e11e1fd1c975

Malware Config

Extracted

  • Family

    warzonerat

  • C2

    juner234.ddns.net:6397

Targets

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    • Loads dropped DLL
