text.exe

General

Target: text.exe
Size: 1MB
Sample: 210723-94dsyzav2n
Score: 10/10
MD5: 08e321e2f7a4fceebed7d9330c7e627b
SHA1: 2049c1f290d542fba9690958d97c25c0f9d2b39d
SHA256: 670a52daaf17c5925d5cb33c03e849a863f11f153d438519ec3c71083a90167b
SHA512: f3ed6cf7f15f65878d547be2853376602236d4364f6d53566b8169fc05b26454c031f3b7b5630c5dd340054fdca81fe69f569aad9b1cc06cdef751f7eac3d1f1

Malware Config

Extracted

Family: warzonerat
C2: 5.226.138.94:6621

Targets
Target: text.exe

Signatures

  • WarzoneRat, AveMaria

    Description

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

  • Warzone RAT Payload

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10