Statement SKBMT 01078.exe

General

Target: Statement SKBMT 01078.exe
Size: 1MB
Sample: 210723-7p4wsws3ds
Score: 10/10
MD5: 2ac95d271159084b2f3f66ebe2fc1318
SHA1: 70c8964080fef2993c9a3f4cb3f6f9c8a0e10f54
SHA256: af96538d76a53512e82dbb6683578b7d44577307722d1c9291cf047f5f471334
SHA512: 0619dbaa146a64851bd24c7afd04bbaf2c23e002e10a9f83a306079c6edff0e876c32c60e4fc74de64b05dd74aa24b27810572b18efdc4878426a82840649105

Malware Config

Extracted

Family: warzonerat
C2: 202.55.132.213:7744

Targets

Target: Statement SKBMT 01078.exe

Signatures

  • WarzoneRat, AveMaria

    Description: WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral1

1/10

behavioral2

10/10